
2018 | Original Paper | Book chapter

DaP∀: Deconstruct and Preserve for All: A Procedure for the Preservation of Digital Evidence on Solid State Drives and Traditional Storage Media

Authors: Ian Mitchell, Josué Ferriera, Tharmila Anandaraja, Sukhvinder Hara

Published in: Cyber Criminology

Publisher: Springer International Publishing


Abstract

Human error is often a cause of contamination of potential digital evidence and can jeopardise an entire case. One of the biggest problems is the data acquisition stage, which requires the Digital Forensic Analyst to make bit-for-bit copies of the seized device. This procedure can go wrong even when write-blockers are used. The proposed Deconstruct and Preserve for All (DaP∀) aims to mitigate the risk involved in exposing any data to these procedures and ensures that third parties obtain an exact match; the process works on SSDs, GPT-formatted devices and other traditional formats, e.g. HDDs. The results show that a TRIM-enabled, GPT-formatted SSD imaged multiple times yields matching hashes on verification. On the basis of these results, it is proposed that DaP∀ should be considered as a Standard Operating Procedure (SOP) when completing data acquisition.


Footnotes

1. Depending on the operating system, the drive should be unmounted, e.g. Kali Linux booted in forensic mode.

2. Includes HDDs, flash drives, SSDs and similar storage devices.
 
Metadata

Title
DaP∀: Deconstruct and Preserve for All: A Procedure for the Preservation of Digital Evidence on Solid State Drives and Traditional Storage Media

Authors
Ian Mitchell
Josué Ferriera
Tharmila Anandaraja
Sukhvinder Hara

Copyright year
2018

DOI
https://doi.org/10.1007/978-3-319-97181-0_13