Experimental Investigation of Frozen Solid State Drive on Digital Evidence with Static Forensic Methods
Abstract
The rapid development of computer technology in hardware, is currently developing non-volatile computer storage media Solid State Drive (SSD). SSD technology has a faster data access speed than Hard Disk and is currently starting to replace Hard Disk storage media. Freezing software on computer systems is often carried out by computer technicians, because it can save a computer maintenance costs due to errors, be exposed to computer viruses or malware. This software is used to prevent unwanted changes to the computer system, when the computer is restarted changes that occur in the computer system will not be stored on storage media. When this happens, what should be done by digital forensic investigators. This study discusses experimental forensic investigations on SSD media storage with frozen conditions or in this study said the frozen SSD. Frozen SSD is the condition of the drive that is locked so that there is no change in the computer system. Software used to lock and prevent changes such as Deep Freeze, Shadow Defender, Windows Steady State, and Toolwiz Time Freeze. Forensic research stages using methods NIST. The result shows that from comparative analysis conducted with Deep Freeze the results of the RecoverMyFile gives 76.38% and Autopsy gives 75,27%, while frozen condition with Shadow Defender the results of the RecoverMyFile gives 59.72% and Autopsy gives 74.44%. So the results of this study indicate the drive freezing software has an effect obtained can be an obstacle in the digital forensic process.
Downloads
References
[2] R. Ruuhwan, I. Riadi, and Y. Prayudi, “Evaluation of Integrated Ddigital Forensics Investigation Framework for The Investigation of Smartphones Using Soft System Methodology,” International Journal of Electrical and Computer Engineering (IJECE), vol. 7, no. 5, pp. 2806–2817, 2017.
[3] A. Silberschatz, P. B. Galvin, and G. Gagne, Operating System Concepts, 9th ed. United States of America: John Wiley & Sons, Inc., 2013.
[4] F. Geier, “The Differences Between SSD and HDD Technology Regarding Forensic Investigations,” Linnaeus University Sweden, 2015.
[5] R. A. Ramadhan, Y. Prayudi, and B. Sugiantoro, “Implementasi dan Analisis Forensika Digital pada Fitur Trim Solid State Drive (SSD),” Teknomatika, vol. 9, no. 2, pp. 1–13, 2017.
[6] Statista, “Solid-state Disk Drives (SSD) Share of Quarterly Share of Unit Shipments Worldwide from 2014 to 2018,” Statista.com, 2015. [Online]. Available: https://www.statista.com/statistics/412158/global-market-share-solid-state-drive-suppliers/. [Accessed: 12-Aug-2018].
[7] F. Albanna and I. Riadi, “Forensic Analysis of Frozen Hard Drive Using Static Forensics Method,” International Journal of Computer Science and Information Security (IJCSIS), vol. 15, no. 1, pp. 173–178, 2017.
[8] B. Rahardjo and I. P. A. E. Pratama, “Pengujian Dan Analisa Anti Komputer Forensik Menggunakan Shred Tool,” Lontar Komputer : Jurnal Ilmiah Teknologi Informasi, vol. 7, no. 2, pp. 104–114, 2016.
[9] S. S. R. Marupudi, “Solid State Drive : New Challenge for Forensic Investigation,” St. Cloud State University, 2017.
[10] I. Riadi, S. Sunardi, and A. Fauzan, “Examination of Digital Evidence on Android-based LINE Messenger,” International Journal of Cyber-Security and Digital Forensics (IJCSDF), vol. 7, no. 3, pp. 337–343, 2018.
[11] I. Riadi, J. Eko, A. Ashari, and S. -, “Internet Forensics Framework Based-on Clustering,” International Journal of Advanced Computer Science and Applications (IJACSA), vol. 4, no. 12, pp. 115–123, 2013.
[12] F. Jafari and R. S. Satti, “Comparative Analysis of Digital Forensic Models,” Journal of Advances in Computer Networks, vol. 3, no. 1, pp. 82–86, 2015.
[13] E. Akbal and S. Dogan, “Forensics Image Acquisition Process of Digital Evidence,” International Journal of Computer Network and Information Security, vol. 10, no. 5, pp. 1–8, 2018.
[14] I. Riadi, R. Umar, and A. Firdonsyah, “Forensic Tools Performance Analysis on Android-based Blackberry Messenger using NIST Measurements,” International Journal of Electrical and Computer Engineering (IJECE), vol. 8, no. 5, pp. 3991–4003, 2018.
[15] R. Umar, I. Riadi, and G. M. Zamroni, “Mobile Forensic Tools Evaluation for Digital Crime Investigation,” International Journal on Advanced Science, Engineering and Information Technology (IJASEIT), vol. 8, no. 3, p. 949, 2018.
[16] R. Umar, A. Yudhana, and M. N. Faiz, “Experimental Analysis of Web Browser Sessions using Live Forensics Method,” International Journal of Electrical and Computer Engineering (IJECE), vol. 8, no. 5, pp. 2951–2958, 2018.
[17] I. Riadi and R. Umar, “Identification of Digital Evidence on Android’s Blackberry Messenger Using NIST Mobile Forensic Method,” International Journal of Computer Science and Information Security (IJCSIS), vol. 15, no. 5, pp. 155–160, 2017.
[18] M. Patankar and D. Bhandari, “Forensic Tools used in Digital Crime Investigation,” Indian Journal of Applied Research, vol. 4, no. 5, pp. 278–283, 2014.
The Authors submitting a manuscript do so on the understanding that if accepted for publication, the copyright of the article shall be assigned to Jurnal Lontar Komputer as the publisher of the journal. Copyright encompasses exclusive rights to reproduce and deliver the article in all forms and media, as well as translations. The reproduction of any part of this journal (printed or online) will be allowed only with written permission from Jurnal Lontar Komputer. The Editorial Board of Jurnal Lontar Komputer makes every effort to ensure that no wrong or misleading data, opinions, or statements be published in the journal.
This work is licensed under a Creative Commons Attribution 4.0 International License.