Computer Science > Cryptography and Security
[Submitted on 10 Jul 2023]
Title:SSD Forensic: Evidence Generation And Forensic Research On Solid State Drives Using Trim Analysis
View PDFAbstract:Traditional hard drives consisting of spinning magnetic media platters are becoming things of the past as with the emergence of the latest digital technologies and electronic equipment, the demand for faster, lighter, and more reliable alternate storage solutions is imperative. To attain these requirements, flash storage technologies like Solid State Drive (SSD) has overtaken traditional hard disk drives. In a forensic analysis of flash storage devices, forensic investigators are facing severe challenges for the reason that the sovereign behavior of solid-state storage media does not look favorable compared to traditional storage media devices. Wear Leveling, a fundamental mechanism in Solid State Drive (SSD), plays a severe challenge that most often destroys forensic evidence in many cases. It makes it complicated for forensic investigators to recover the necessary evidence. Persistence of deleted data in flash storage media depends on various factors like the Garbage Collection process, TRIM command, flash media type, manufacturer, capacity, file system, type of file saved, and the Operating System, etc. In view of this, extensive experiments conducted to identify the probability of data recovery and carving. Analyzed effects of Wear Leveling and Garbage Collection processes in Solid State Drive (SSD) of different manufacturers, having the same storage capacities and with a different type of files utilized. In conclusion, experimental findings established the fact that Wear Leveling in solid-state media can obfuscate digital evidence, and a conventional assumption regarding the behavior of storage media is no more valid. Moreover, data persistency also depends on the manufacturers, time-lapse of forensic analysis after data deletion, type of files, and size of files stored in Solid State Drives (SSD).
Current browse context:
math.IT
References & Citations
Bibliographic and Citation Tools
Bibliographic Explorer (What is the Explorer?)
Litmaps (What is Litmaps?)
scite Smart Citations (What are Smart Citations?)
Code, Data and Media Associated with this Article
CatalyzeX Code Finder for Papers (What is CatalyzeX?)
DagsHub (What is DagsHub?)
Gotit.pub (What is GotitPub?)
Papers with Code (What is Papers with Code?)
ScienceCast (What is ScienceCast?)
Demos
Recommenders and Search Tools
Influence Flower (What are Influence Flowers?)
Connected Papers (What is Connected Papers?)
CORE Recommender (What is CORE?)
arXivLabs: experimental projects with community collaborators
arXivLabs is a framework that allows collaborators to develop and share new arXiv features directly on our website.
Both individuals and organizations that work with arXivLabs have embraced and accepted our values of openness, community, excellence, and user data privacy. arXiv is committed to these values and only works with partners that adhere to them.
Have an idea for a project that will add value for arXiv's community? Learn more about arXivLabs.