Forensic potentials of solid state drives
Date
2015
Authors
Shah, Z.
Mahmood, A.N.
Slay, J.
Editors
Tian, J.
Jing, J.
Srivatsa, M.
Jing, J.
Srivatsa, M.
Advisors
Journal Title
Journal ISSN
Volume Title
Type:
Conference paper
Citation
Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, 2015 / Tian, J., Jing, J., Srivatsa, M. (ed./s), vol.153, pp.113-126
Statement of Responsibility
Conference Name
10th International Conference on Security and Privacy in Communication Networks, SecureComm 2014 (24 Sep 2014 - 26 Sep 2014 : Beijing, China)
Abstract
Extracting useful information from Solid State Drives (SSD) is a challenging but important forensic task. However, there are opposing views [14,15,22] that (1) SSDs destroy the forensics evidences automatically and (2) even after sanitization of SSDs, data can be recovered. This paper investigates this issue and reports experimental findings that identify the reason why certain SSDs seem to destroy forensic evidences while other SSDs do not. The experiments provide insight and analyses of the behaviour of SSDs when certain software components, such as Background Garbage Collector (BGC) and Operating System functions, such as TRIM, are executed on the SSD.
School/Discipline
Dissertation Note
Provenance
Description
Access Status
Rights
Copyright 2015 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering