Deconstruct and preserve (DaP): a method for the preservation of digital evidence on solid state drives (SSD)

Mitchell, Ian ORCID: https://orcid.org/0000-0002-3882-9127, Anandaraja, Tharmila, Hara, Sukhvinder ORCID: https://orcid.org/0000-0003-1859-1227, Hadzhinenov, George and Neilson, David (2017) Deconstruct and preserve (DaP): a method for the preservation of digital evidence on solid state drives (SSD). Global Security, Safety and Sustainability - The Security Challenges of the Connected World: 11th International Conference, ICGS3 2017, London, UK, January 18-20, 2017, Proceedings. In: 11th International Conference on Global Security, Safety and Sustainability, 18-20 Jan 2017, Greenwich, London, England. ISBN 9783319510637. ISSN 1865-0929 [Conference or Workshop Item] (doi:10.1007/978-3-319-51064-4_1)

[img]
Preview
PDF - Final accepted version (with author's formatting)
Download (308kB) | Preview

Abstract

Imaging SSDs is problematic due to TRIM commands and garbage collectors that make the SSD behave inconsistently over time. It is this inconsistency that can cause a difference between images taken of the SSD. These differences result in unmatched hash number gener-ation and would normally be attributed to contamination or spoliation of digital evidence. DaP is a proposed method that ensures all images taken of the SSD are consistent and removes the volatility normally as-sociated with these devices. DaP is not focused with the recoverability of deleted data, however DaP does stabilise the device to prevent uninten-tional contamination due to garbage collection. Experiments show that the DaP method works on a range of devices and consistently produces the hash-identical images. The conclusions are to consider DaP as a new Standard Operating Procedure (SOP) when imaging SSDs.

Item Type: Conference or Workshop Item (Paper)
Additional Information: Published as chapter in : Global Security, Safety and Sustainability - The Security Challenges of the Connected World, Volume 630 of the series Communications in Computer and Information Science, pp 3-11
Research Areas: A. > School of Science and Technology > Computer Science
Item ID: 20792
Notes on copyright: This is the author accepted manuscript version. The final publication is available at Springer via http://dx.doi.org/10.1007/978-3-319-51064-4_1
Useful Links:
Depositing User: Ian Mitchell
Date Deposited: 25 Oct 2016 09:39
Last Modified: 10 Jun 2021 17:04
URI: https://eprints.mdx.ac.uk/id/eprint/20792

Actions (login required)

View Item View Item

Statistics

Downloads
Activity Overview
531Downloads
518Hits

Additional statistics are available via IRStats2.