Establishing professional guidelines for SSD forensics: a case study
|Keywords:||NAND flash; Solid State Drive; SSD; Guidelines; Digital forensics; Preservation of evidence|
|Full text PDF:||http://hdl.handle.net/10292/7226|
The aim of this thesis is to investigate and examine the present status of solid state drive (SSD) forensics, and to establish a professional guideline for forensic investigators who are required to preserve and recover data stored on SSD in a forensically acceptable manner. In the first part, results of a literature review of computer storage devices, data recovery methods, and forensic guidelines were presented. The literature review determined how SSD is architecturally different from a magnetic hard disk drive (HDD), but existing forensic guidelines and procedures were developed based mainly on HDD technology. SSD is widely accepted by consumers but not well integrated into the forensic guidelines, despite several automated evidence-destruction functions, which were embedded for performance enhancement purposes, have been explicitly discussed by forensic and data recovery experts. The thesis then identifies the gaps amongst well repute forensic guidelines and further outlines the structure of a compound guideline which recognises issues raised by SSD to maximise the chance of data recovery. Specific processes were identified and data recovery rate was measured for testing. In conclusion, the thesis argues that existing forensic techniques and guidelines are incapable of suppressing the SSD’s self-destructive behaviour and alternative method of SSD data preservation must be developed.