Experimental Investigation of Frozen Solid State Drive on Digital Evidence with Static Forensic Methods

  • Imam Riadi Department of Information System, Universitas Ahmad Dahlan
  • Rusydi Umar Department of Informatics, Universitas Ahmad Dahlan
  • Imam Mahfudl Nasrulloh Department of Informatics Engineering, Universitas Ahmad Dahlan

Abstract

The rapid development of computer technology in hardware, is currently developing non-volatile computer storage media Solid State Drive (SSD). SSD technology has a faster data access speed than Hard Disk and is currently starting to replace Hard Disk storage media. Freezing software on computer systems is often carried out by computer technicians, because it can save a computer maintenance costs due to errors, be exposed to computer viruses or malware. This software is used to prevent unwanted changes to the computer system, when the computer is restarted changes that occur in the computer system will not be stored on storage media. When this happens, what should be done by digital forensic investigators. This study discusses experimental forensic investigations on SSD media storage with frozen conditions or in this study said the frozen SSD. Frozen SSD is the condition of the drive that is locked so that there is no change in the computer system. Software used to lock and prevent changes such as Deep Freeze, Shadow Defender, Windows Steady State, and Toolwiz Time Freeze. Forensic research stages using methods NIST. The result shows that from comparative analysis conducted with Deep Freeze the results of the RecoverMyFile gives 76.38% and Autopsy gives 75,27%, while frozen condition with Shadow Defender the results of the RecoverMyFile gives 59.72% and Autopsy gives 74.44%. So the results of this study indicate the drive freezing software has an effect obtained can be an obstacle in the digital forensic process.


 

Downloads

Download data is not yet available.

References

[1] S. Vidwarshi and N. Chandra, “Analysis of Development Phases in Digital Forensics,” International Journal of Advanced Computational Engineering and Networking, vol. 2, no. 8, pp. 90–95, 2015.
[2] R. Ruuhwan, I. Riadi, and Y. Prayudi, “Evaluation of Integrated Ddigital Forensics Investigation Framework for The Investigation of Smartphones Using Soft System Methodology,” International Journal of Electrical and Computer Engineering (IJECE), vol. 7, no. 5, pp. 2806–2817, 2017.
[3] A. Silberschatz, P. B. Galvin, and G. Gagne, Operating System Concepts, 9th ed. United States of America: John Wiley & Sons, Inc., 2013.
[4] F. Geier, “The Differences Between SSD and HDD Technology Regarding Forensic Investigations,” Linnaeus University Sweden, 2015.
[5] R. A. Ramadhan, Y. Prayudi, and B. Sugiantoro, “Implementasi dan Analisis Forensika Digital pada Fitur Trim Solid State Drive (SSD),” Teknomatika, vol. 9, no. 2, pp. 1–13, 2017.
[6] Statista, “Solid-state Disk Drives (SSD) Share of Quarterly Share of Unit Shipments Worldwide from 2014 to 2018,” Statista.com, 2015. [Online]. Available: https://www.statista.com/statistics/412158/global-market-share-solid-state-drive-suppliers/. [Accessed: 12-Aug-2018].
[7] F. Albanna and I. Riadi, “Forensic Analysis of Frozen Hard Drive Using Static Forensics Method,” International Journal of Computer Science and Information Security (IJCSIS), vol. 15, no. 1, pp. 173–178, 2017.
[8] B. Rahardjo and I. P. A. E. Pratama, “Pengujian Dan Analisa Anti Komputer Forensik Menggunakan Shred Tool,” Lontar Komputer : Jurnal Ilmiah Teknologi Informasi, vol. 7, no. 2, pp. 104–114, 2016.
[9] S. S. R. Marupudi, “Solid State Drive : New Challenge for Forensic Investigation,” St. Cloud State University, 2017.
[10] I. Riadi, S. Sunardi, and A. Fauzan, “Examination of Digital Evidence on Android-based LINE Messenger,” International Journal of Cyber-Security and Digital Forensics (IJCSDF), vol. 7, no. 3, pp. 337–343, 2018.
[11] I. Riadi, J. Eko, A. Ashari, and S. -, “Internet Forensics Framework Based-on Clustering,” International Journal of Advanced Computer Science and Applications (IJACSA), vol. 4, no. 12, pp. 115–123, 2013.
[12] F. Jafari and R. S. Satti, “Comparative Analysis of Digital Forensic Models,” Journal of Advances in Computer Networks, vol. 3, no. 1, pp. 82–86, 2015.
[13] E. Akbal and S. Dogan, “Forensics Image Acquisition Process of Digital Evidence,” International Journal of Computer Network and Information Security, vol. 10, no. 5, pp. 1–8, 2018.
[14] I. Riadi, R. Umar, and A. Firdonsyah, “Forensic Tools Performance Analysis on Android-based Blackberry Messenger using NIST Measurements,” International Journal of Electrical and Computer Engineering (IJECE), vol. 8, no. 5, pp. 3991–4003, 2018.
[15] R. Umar, I. Riadi, and G. M. Zamroni, “Mobile Forensic Tools Evaluation for Digital Crime Investigation,” International Journal on Advanced Science, Engineering and Information Technology (IJASEIT), vol. 8, no. 3, p. 949, 2018.
[16] R. Umar, A. Yudhana, and M. N. Faiz, “Experimental Analysis of Web Browser Sessions using Live Forensics Method,” International Journal of Electrical and Computer Engineering (IJECE), vol. 8, no. 5, pp. 2951–2958, 2018.
[17] I. Riadi and R. Umar, “Identification of Digital Evidence on Android’s Blackberry Messenger Using NIST Mobile Forensic Method,” International Journal of Computer Science and Information Security (IJCSIS), vol. 15, no. 5, pp. 155–160, 2017.
[18] M. Patankar and D. Bhandari, “Forensic Tools used in Digital Crime Investigation,” Indian Journal of Applied Research, vol. 4, no. 5, pp. 278–283, 2014.
Published
2018-12-21
How to Cite
RIADI, Imam; UMAR, Rusydi; NASRULLOH, Imam Mahfudl. Experimental Investigation of Frozen Solid State Drive on Digital Evidence with Static Forensic Methods. Lontar Komputer : Jurnal Ilmiah Teknologi Informasi, [S.l.], p. 169-181, dec. 2018. ISSN 2541-5832. Available at: <https://ojs.unud.ac.id/index.php/lontar/article/view/42965>. Date accessed: 21 nov. 2024. doi: https://doi.org/10.24843/LKJITI.2018.v09.i03.p06.
Section
Articles