n. a set of tools and methods for copying and analyzing all of the digital information from a physical medium in such a way that ensures the integrity and authenticity of the information are preserved

Duranti 2009, 43
Presently, the goals of digital forensics professionals are very different from those of a trusted recordkeeper or custodian, but are similar to those that gave origin to diplomatics in the seventeenth century and resulted in its study in the European faculties of law in the eighteenth century. Diplomatists were the forensic scientists of their day; they were called upon to authenticate records in a court of law when the rights they attested to were challenged and their trustworthiness as records questioned. Comparing the concepts, principles, and methods of digital forensics and diplomatics of digital records might consequently strengthen both disciplines and lead to the development of a new body of knowledge that might be called Digital Records Forensics.

Kirschenbaum et al. 2010, 1
Digital forensics is an applied field originating in law enforcement, computer security, and national defense. It is concerned with discovering, authenticating, and analyzing data in digital formats to the standard of admissibility in a legal setting. . . . While such activities may seem happily removed from the concerns of the cultural heritage sector, the methods and tools developed by forensics experts represent a novel approach to key issues and challenges in the archives and curatorial community.

Xie 2011, 577
With the pervasive presence of digital records, the possibility of digital records being used as evidence in legal proceedings has greatly increased. This new type of evidence poses challenges in its collection, processing, maintenance, and presentation in court. Each of these steps involves establishing and demonstrating authenticity of the potential digital evidence, typically handled outside the environment in which it originated. Digital forensics emerged as a response to these challenges and has evolved into an independent field over a fairly short time.

John 2012, 2
There are three basic and essential principles in digital forensics: that the evidence is acquired without altering it; that this is demonstrably so; and that analysis is conducted in an accountable and repeatable way. Digital forensic processes, hardware and software have been designed to ensure compliance with these requirements.

Daines 2013, 116
Whatever transfer method is chosen [for digital files], the archivist needs to become familiar with digital forensics tools and techniques that will enable him or her to successfully transfer the materials without changing them or their associated metadata.

Lee et al. 2013, 4
Procedures and tools for acquiring and validating data from physical media are well established in the field of digital forensics. Their recognition and adoption within LAMs is a more recent phenomenon.

Gilliland 2014a, 205
Digital forensics is the branch of forensic science that relates to the recovery and investigation of evidence located on digital media of all kinds. Fundamentally, data files are palimpsests that retain all sorts of trace data, such as drafts, geo-references, and time stamps, that can be extracted using the appropriate software tools. It is even possible to analyze the physical bit encoding where it exists on digital media.

O’Meara and Stratton 2016, 21
Digital forensics is a discipline originating in law enforcement that involves the acquisition (or recovery) and analysis of digital objects for evidential purposes using file characteristics and metadata.

Kowalczyk 2018, 218
Digital forensics: the science of recovering, extracting, and investigating digital information while maintaining the chain of evidence and without leaving any traces.

BitCurator Consortium 2020
Digital forensics offers archivists new tools and methodologies to: ¶ Survey the extent of a collection ¶ Weed objects that do not fall under collecting policies ¶ Accession the contents of a collection ¶ Preserve the original order of a collection.

Notes
Originally developed by law enforcement and later adapted by archivists, the process in the context of archives typically involves the use of write blockers and software applications to conduct such activities as creating disk images, generating file manifests and checksums, extracting metadata, and characterizing files.
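
The manifest-and-checksum activity named in the note, as an added illustration that is not taken from the dictionary or from any tool it cites: a manifest recorded at transfer lets a later check show that nothing was altered, lost, or added. The function names and the sample files are assumptions made for this example; in practice the source would be a write-blocked medium or a disk image.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Map each file path (relative to root) to its size and SHA-256 checksum."""
    manifest = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = {"size": os.path.getsize(full),
                             "sha256": sha256_file(full)}
    return manifest

def verify_manifest(root, manifest):
    """Compare the tree as it is now with a manifest recorded earlier."""
    current = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "added": sorted(set(current) - set(manifest)),
        # Checksums, not sizes, decide: a same-length edit is still caught.
        "modified": sorted(p for p in manifest if p in current
                           and manifest[p]["sha256"] != current[p]["sha256"]),
    }

if __name__ == "__main__":
    # Constructed sample accession, built in a temporary directory.
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "notes.txt"), "wb") as f:
            f.write(b"original text")
        recorded = build_manifest(root)           # taken at transfer
        with open(os.path.join(root, "notes.txt"), "wb") as f:
            f.write(b"original test")             # same length, one byte changed
        print(verify_manifest(root, recorded))    # notes.txt reported as modified
```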