The Society of American Archivists (SAA) 2012 annual meeting, Beyond Borders, began Monday, August 6 in San Diego with strong pre-conference sessions. I attended Digital Forensics for Archivists (DFA), a course focusing on specific tools and services that archivists need to use for their work with digital archives.

This is one of the many courses offered by SAA in its Digital Archives Specialist (DAS) Certificate Program.


I understand if the emerging partnership between law enforcement and the archival enterprise seems unusual. But consider: digital forensics has established principles, technologies and methods for extracting data and associated metadata that closely parallels archival repositories’ best practices.

In other words, this class is not for the faint of heart.

Enter our hero, instructor Dr. Cal Lee, Associate Professor of the University of North Carolina at Chapel Hill. Prior to class, he distributed two illustrative papers:

  • Digital Forensics and Born-Digital Content in Cultural Heritage Collections by Matthew G. Kirschenbaum, Richard Ovenden and Gabriela Redwine with research assistance from Rachel Donahue, and
  • his own Extending Digital Repository Architectures to Support Disk Image Preservation and Access, collaboratively written with Kam Woods and Simson Garfinkel

which we dutifully read. Obligation became pleasure as the first treatise unfolded; however, at 109 pages it’s a bit of a tome. In ten pages the second article summarizes the first (let’s hear it for brevity!). I recommend them both.

Motivation and Scope

Dr. Lee opened his commentary with thoughts on motivation. “Archivists are often responsible for acquiring or helping others access materials on removable storage media,” he said. “Often information is not packaged nor describes as one would hope. Information professionals must extract whatever useful information resides on the medium, while avoiding the accidental alteration of data or metadata.”

He defined digital forensics as “the process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable.” The practice involves multiple methods of discovering digital data and recovering deleted, encrypted or damaged file information. He presented compelling points as to why archivists should care.

Two streams of activity show great promise for informing the practices of archivists:
  • a handful of innovative projects of collecting institutions exploring the application of digital forensics to acquisition, and
  • vendors and academic programs providing digital forensics training.”

He spoke reverently of several digital forensics projects: Stanford’s SULAIR, the Bodleian Library futureArch and the British Library in London.

Technical Background

Dr. Lee explained that digital objects are sets of instructions for future interaction. “Digital objects are useless if no one can interact with them. Interactions depend on numerous technical components.” He outlined the seven levels of representation: