
Digital Initiatives: Digital Forensics

What is digital forensics?

Digital forensics (sometimes known as digital forensic science) is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. The term digital forensics was originally used as a synonym for computer forensics but has expanded to cover investigation of all devices capable of storing digital data.

Wikipedia. Digital forensics. Retrieved from http://en.wikipedia.org/wiki/Digital_forensics

Three Complicating Factors for Archivists

  1. Medium Failure / Bit Rot
  2. Obsolescence
  3. Volatility

Gengenbach, M. (2014, December 5). Digital forensics: What you must know! [DAS] [PowerPoint slides]. College Park, MD: Society of American Archivists.

Tools & Resources

Autopsy - "a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools."

BitCurator - a Mellon Foundation project that created the BitCurator Environment, "a stack of free and open source digital forensics tools and associated software libraries, modified and packaged for increased accessibility and functionality for collecting institutions."

Cygnus Hex Editor - a free hex editor (software); I used it in the SAA Digital Forensics workshop.

Forensic Toolkit (FTK) - According to the Forensics Wiki, it is "a commercial forensic software package distributed by AccessData."

Forensic Recovery of Evidence Device (FRED) - a type of "forensic workstation" that includes hardware write blockers. FRED devices are probably too expensive and specialized for our needs. However, we have UM colleagues at other campuses who own FREDs.

Forensics Wiki - the SAA Digital Forensics workshop speaker, Martin Gengenbach, referred to this as a "great overall resource".

FTK Imager - a free forensic application by AccessData, the manufacturer of FTK. According to the user guide, it is "a data preview and imaging tool that lets you quickly assess electronic evidence to determine if further analysis with a forensic tool such as AccessData® Forensic Toolkit® (FTK) is warranted. FTK Imager can also create perfect copies (forensic images) of computer data without making changes to the original evidence." I used it in the SAA Digital Forensics workshop.

The Sleuth Kit (TSK) - "a library and collection of command line tools that allow you to investigate disk images. The core functionality of TSK allows you to analyze volume and file system data."

References

* Gengenbach, M. (2014, July 22). Revisiting digital forensics workflows in collecting institutions [PDF document]. Retrieved from http://www.digitalpreservation.gov/meetings/documents/ndiipp14/Gengenbach.pdf - A set of lecture slides

* Kirschenbaum, M.G., Ovenden, R., & Redwine, G. (2010). Digital forensics and born-digital content in cultural heritage collections. Washington, D.C.: Council on Library and Information Resources. Retrieved from http://www.clir.org/pubs/abstract/reports/pub149

* Lee, C. & Woods, K. (2013, March 14). Enhancing your workflow with digital forensics tools: The BitCurator Environment [PDF document]. Retrieved from http://digitaldiscussions.web.unc.edu/files/2013/03/bitcurator-digital-discussions-20130314.pdf - A set of lecture slides

* Lee, C.A., Woods, K., Kirschenbaum, M., & Chassanoff, A. (2013, September 30). From bitstreams to heritage: Putting digital forensics into practice in collecting institutions [White paper]. Retrieved from http://www.bitcurator.net/wp-content/uploads/2013/11/From-Bitstream-to-Heritage-S.pdf

* Woods, K., Lee, C.A., & Garfinkel, S. (2011, June 13-17). "Extending digital repository architectures to support disk image preservation and access." JCDL '11, Proceedings of the 11th Annual International ACM/IEEE Joint Conference on Digital Libraries, Ottawa, Ontario, Canada, pp. 57-66. Retrieved from http://ils.unc.edu/callee/p57-woods.pdf