lrts: Vol. 55 Issue 4: p. 235
Book Review: Digital Forensics and Born-Digital Content in Cultural Heritage Collections
Amy S. Jackson

Amy S. Jackson, University of New Mexico, Albuquerque; amyjacks@unm.edu

The purpose of this report from the Council on Library and Information Resources (CLIR) is to

introduce the field of digital forensics to professionals in the cultural heritage sector; and second, to explore some particular points of convergence between the interests of those charged with collecting and maintaining born-digital cultural heritage materials and those charged with collecting and maintaining legal evidence. (2)

Digital forensics is the field concerned with gathering legally admissible evidence from a computer environment, and it can include activities such as discovering, authentication, and analyzing digital data. The authors also hope to start a dialogue between the digital forensics and cultural heritage fields to promote shared knowledge and identify areas of common research interests. The ninety-three page report is divided into four sections: introduction, challenges, ethics, and conclusions and recommendations. The report was drafted by the authors and reviewed in detail by experts from both the archives and digital forensics communities at the Symposium on Computer Forensics and Cultural Heritage held May 2010 in Maryland.

The introduction provides context for the work, including purpose and audience, terminology and scope, background and assumptions, and a section on prior work, which includes both a literature review and a summary of digital archival projects using digital forensic techniques. The similarities between the domains of digital archives and digital forensics are explored, as well as the differences between interacting with a physical object and the levels of abstraction inherent in digital objects for any archival or forensic activity.

The next section addresses challenges for digital archiving and digital forensics, and it comprises the bulk of the report. Even though it is the most technical section of the report, technical jargon is minimal, and readers do not need an extensive computer science background to understand the content. The first issue presented in this chapter is the challenge of dealing with legacy formats. The authors provide information about legacy file systems, legacy operating systems and applications, and legacy hardware. They address technical issues, such as how to keep original bit streams unaltered, and human issues, such as the influence of system requirements on personal file structure and naming conventions. The next challenge addressed in the chapter is the need to retain the context of the original digital files. The historical context of a digital file and its relation to external events and other archival materials is just as important as the context of the digital file within the operating system. Authors stress the need to image an entire disk and compare checksums with the original disk before beginning activities that may alter the original file. The challenge of establishing trust is next, and the authors acknowledge the trust that an archival institution or repository must establish and maintain. Traditionally, this is done by documenting provenance, and it is similar in the digital domain. Additionally, digital repositories have agreed-upon standards, such as the ISO standard Reference Model for an Open Archival Information System (OAIS).1 The need to establish authenticity also is a challenge familiar to the traditional archival community, and it is equally important for digital archives. Archivists should establish the origin of files ingested into the archive as well as the provenance and any threats to the originality of the files. After files are transferred to the repository, archivists need to ensure that original files will not be tampered with. The fifth challenge addressed in this section is the recovery of lost data. Unless a drive is physically destroyed, it may be possible to recover files or data that have previously been deleted or written over. However, whether these data were intended to become part of an archival collection needs to be addressed before serious time and effort are put into recovering this data. The final challenge the authors address is the problem of determining the costs of providing an infrastructure for digital forensics in an archival setting. Because the field is relatively new and many variables exist, the current models are probably too generic to provide adequate models to determine short-term or long-terms costs for accessioning digital archives.

Although the section on ethics is smaller than the section on challenges, it is particularly important because this is the area with the most significant differences in practice between digital forensics and digital archiving. Archivists need to be concerned with not only what is possible in the realm of digital forensics but also what is ethical and appropriate for archival activities. The authors address security of a donor records first, emphasizing the need to demonstrate to donors that access to restricted materials is well managed, access to archives is well documented, records are not misused, and unauthorized access is not possible. A donor's right to privacy is another ethical issue encountered by digital archives, and authors stress that just because information is available does not mean that it necessarily should be provided to the public. Additionally, the wishes of the donor may or may not be served through significant exploration and extrapolation of digital files, and archivists should work with the donors, when possible, to ensure that their wishes are respected.

The final section of the report lists conclusions and recommendations reached by the authors and attendees of the Symposium on Computer Forensics and Cultural Heritage. The most compelling conclusion reached by all parties was that digital forensics activities should not be adopted into the cultural heritage community in their entirety. Instead, digital forensics offers many best practices and tools that are helpful for digital archives, but archives need to establish the boundary at which digital forensics is no longer appropriate and in the best interest of their donors and patrons. The authors conclude the report with a list of next steps to encourage forward momentum in the field.

The report also includes a comprehensive list of references and four appendixes. Appendix A uses table formats to compare several forensic software packages. Appendix B also uses tables to compare forensic hardware. Appendix C lists further resources, including books, technical references and reports, organizations, selected projects, and journals. Appendix D summarizes the Symposium on Computer Forensics and Cultural Heritage. Additionally, the report contains several independently authored full-page sidebars exploring key topics in further detail.

Although I often found the writing style of the report to be dry, it is well written, comprehensive, avoids technical jargon, and should be accessible to librarians who lack significant technical backgrounds. The report conveyed a wealth of information from the digital forensics field that is appropriate for archivists beginning to explore the complexities of digital archives.


Reference
Consultative Committee for Space Data Systems (CCSDS), Reference Model for an Open Archival Information System (OAIS), CCSDS 650.0-B-1, Blue Book Issue 1 Washington, D.C.:  CCSDS Secretariat, 2002

Article Categories:
  • Library and Information Science
    • Book Reviews

Refbacks

  • There are currently no refbacks.


ALA Privacy Policy

© 2024 Core