Deconstruct and preserve (DaP): a method for the preservation of digital evidence on solid state drives (SSD)
Mitchell, Ian ORCID: https://orcid.org/0000-0002-3882-9127, Anandaraja, Tharmila, Hara, Sukhvinder
ORCID: https://orcid.org/0000-0003-1859-1227, Hadzhinenov, George and Neilson, David
(2017)
Deconstruct and preserve (DaP): a method for the preservation of digital evidence on solid state drives (SSD).
Global Security, Safety and Sustainability - The Security Challenges of the Connected World: 11th International Conference, ICGS3 2017, London, UK, January 18-20, 2017, Proceedings.
In: 11th International Conference on Global Security, Safety and Sustainability, 18-20 Jan 2017, Greenwich, London, England.
ISBN 9783319510637.
ISSN 1865-0929
[Conference or Workshop Item]
(doi:10.1007/978-3-319-51064-4_1)
|
PDF
- Final accepted version (with author's formatting)
Download (308kB) | Preview |
Abstract
Imaging SSDs is problematic due to TRIM commands and garbage collectors that make the SSD behave inconsistently over time. It is this inconsistency that can cause a difference between images taken of the SSD. These differences result in unmatched hash number gener-ation and would normally be attributed to contamination or spoliation of digital evidence. DaP is a proposed method that ensures all images taken of the SSD are consistent and removes the volatility normally as-sociated with these devices. DaP is not focused with the recoverability of deleted data, however DaP does stabilise the device to prevent uninten-tional contamination due to garbage collection. Experiments show that the DaP method works on a range of devices and consistently produces the hash-identical images. The conclusions are to consider DaP as a new Standard Operating Procedure (SOP) when imaging SSDs.
Item Type: | Conference or Workshop Item (Paper) |
---|---|
Additional Information: | Published as chapter in : Global Security, Safety and Sustainability - The Security Challenges of the Connected World, Volume 630 of the series Communications in Computer and Information Science, pp 3-11 |
Research Areas: | A. > School of Science and Technology > Computer Science |
Item ID: | 20792 |
Notes on copyright: | This is the author accepted manuscript version. The final publication is available at Springer via http://dx.doi.org/10.1007/978-3-319-51064-4_1 |
Useful Links: | |
Depositing User: | Ian Mitchell |
Date Deposited: | 25 Oct 2016 09:39 |
Last Modified: | 29 Nov 2022 21:16 |
URI: | https://eprints.mdx.ac.uk/id/eprint/20792 |
Actions (login required)
![]() |
View Item |
Statistics
Additional statistics are available via IRStats2.