DaP∀ : Deconstruct and preserve for all: a procedure for the preservation of digital evidence on solid state drives and traditional storage media

Mitchell, Ian and Josue, Ferriera and Anandaraja, Tharmila and Hara, Sukhvinder (2018) DaP∀ : Deconstruct and preserve for all: a procedure for the preservation of digital evidence on solid state drives and traditional storage media. In: Cyber Criminology. Jahankhani, Hamid, ed. Advanced Sciences and Technologies for Security Applications . Springer, pp. 239-251. ISBN 9783319971803 (Accepted/In press)

Full text is not in this repository.

Abstract

Human error is often a cause of contamination of potential digital evidence and can jeopardise an entire case. One of the biggest problems is the data acquisition stage that requires the Digital Forensic Analyst to make bit-for-bit copies of the device seized. This procedure, despite using write-blockers, can go wrong. The proposed Deconstruct and Preserve for all (DaP∀) aims at mitigating the risk involved in exposing any data to these procedures and ensures that third parties get an exact match; the process works on SSDs, GPT formatted devices, and other traditional formats, e.g. HDD. The results show a GPT TRIM enabled SSD imaged multiple times produces verification of matched hashes. With these results, it is proposed that DaP∀ should be considered as a Standard Operating Procedure (SOP) when completing data acquisition.

Item Type: Book Section
Research Areas: A. > School of Science and Technology
Item ID: 25246
Useful Links:
Depositing User: Ian Mitchell
Date Deposited: 01 Oct 2018 13:39
Last Modified: 01 Oct 2018 13:45
URI: http://eprints.mdx.ac.uk/id/eprint/25246

Actions (login required)

Edit Item Edit Item