BitCurator Environment

Revision as of 04:11, 12 January 2018 by Kamwoods

The BitCurator Environment is an Ubuntu-derived Linux distribution geared towards the needs of archivists and librarians. It includes a suite of open source digital forensics and data analysis tools to help collecting institutions process born-digital materials. BitCurator supports positive digital preservation outcomes using software (see our BitCurator Environment Releases page) and practices adopted from the digital forensics community.

  • Create forensic disk images: Disk images packaged with metadata about devices, file systems, and the creation process.
  • Analyze files and file systems: View details on file system contents from a wide variety of file systems.
  • Extract file system metadata: File system metadata is a critical link in the chain of custody and in records of provenance.
  • Identify and redact sensitive information: Locate private and sensitive information on digital media and prepare materials for public access.
  • Locate and remove duplicate files: Know what files to keep and what can be discarded.


Please use the BitTorrent link to download the BitCurator Environment if possible. The links below also include a direct download.

BitCurator Virtual Machine (v1.8.12)


BitCurator Installation ISO (v1.8.12)

[SHA256] [Bootable USB drive guide]

Quickstart Guide: Installing and using BitCurator.

The current release is built using Ubuntu 16.04 LTS. Looking for a previous (14.04 LTS) release? You can find the final stable download on the BitCurator Environment Releases page.

Virtual Machine Login

BitCurator ships with a default user. You are strongly encouraged to change the default password when working in a production environment.

username: bcadmin

password: bcadmin

Online Help

BitCurator User Group: Get support and discuss issues with the community.
Screencasts and Video Tutorials: Useful screencasts on our YouTube channel.


The source in the BitCurator environment GitHub repositories is GPL v3 licensed. This wiki, documentation, and other materials generated by the BitCurator team are licensed under Creative Commons Attribution 4.0 International (CC BY 4.0). All other software included in the BitCurator environment is distributed in accordance with original licenses.

Using BitCurator (Tasks and Workflows)

  1. BitCurator in Preservation and Archiving Workflows
  2. Preparing Media. Connect physical media and analyze file system(s) and other contents.
  3. Data Triage. Clean, organize, and explore your data.
  4. Using Digital Forensics Tools. Generate reports and prepare data for preservation or access.
  5. Or, explore using these features on their own:

    1. Understanding types of information you might wish to scan for
    2. Descriptions and examples of Digital Forensics XML tags
  6. Building and Using Regular Expressions. Many forensics tools include support for search using regular expressions, a powerful mechanism that can help you match a range of patterns with a single search string.

Using BitCurator (By Tool or Script)

  1. Software produced by the BitCurator team
    • BitCurator Reporting Tool: A GUI-driven (and optionally command-line) tool for running forensics tools in sequence to produce human- and machine-readable reports.
    • BitCurator Disk Image Access Tool: A GUI interface to browse raw and forensically-packaged disk images, export files and deleted items, and view disk image metadata.
    • BitCurator Mounter: A Qt GUI application to list currently attached devices along with technical details. Allows users to mount fixed and removable media according to the current mount policy.
    • BitCurator Read-Only AppIndicator: An Ubuntu AppIndicator allowing users to switch the system mount policy between "Read Only" and "Read/Write" for any attached media prior to mounting.
  2. Disk imaging
    • Guymager: Multi-threaded open-source forensic disk imaging tool.
    • dcfldd: A forensics-focused rewrite of dd.
    • dd: Create raw disk images and transfer data between devices.
    • ddrescue: A version of dd with additional options for data recovery.
    • ewfacquire: Acquire Expert Witness packaged disk images from devices on the command line.
    • cdrdao: CD imaging tool (primarily for audio CDs).
  3. Forensic analysis, hashing, and metadata generation
    • bulk_extractor: A stream-based tool for disk image analysis.
    • bulk_extractor Viewer (BEViewer): The GUI front-end for bulk_extractor.
    • DFXML tools: A set of C and Python programs to process Digital Forensics XML.
    • fiwalk: File system analysis and DFXML export.
    • The Sleuth Kit: A suite of forensics tools, utilities, and APIs.
    • libewf: Open-source support for the Expert Witness format.
    • AFFLIB: Open-source library for the Advanced Forensic Format.
    • pyExifToolGUI: A GUI front-end for Exiftool. Allows editing of image metadata.
    • sdhash: File similarity tool using similarity digests.
    • ssdeep: Fast hash generation.
  4. Other utilities
    • ClamAV / ClamTK: Virus scanning.
    • FSlint: Duplicate file identification and deletion.
    • HFS Utilities: Utilities providing access to legacy HFS file systems, such as HFS Explorer.
    • FITS: The File Information Tool Set.
    • readpst: A utility for reading and exporting the contents of PST files.
    • recoll: An indexing tool.
    • GTK Hash: A cryptographic hashing tool.
    • GHex: A hex viewer/editor.
    • Nautilus scripts: Support for various interactions with files and file systems.
    • Safe Mount: Software write-blocking for digital media.

Additional Useful Information

  1. Working with materials in a range of languages