Challenges and Solutions in Digital Forensics, High school final essays of Internet and Information Access

Challenges and potential solutions in digital forensics when dealing with solid-state drives (SSDs). SSDs pose unique challenges due to their architecture and behavior, impacting the reliability of digital evidence and data retrieval. Potential solutions include adding an off-switch to disable the drive's pre-clearing function and requiring manufacturers to provide more detailed information about the regulations and algorithms used in the pre-clearing process.

Typology: High school final essays

2023/2024

Uploaded on 05/08/2024

Saint Anselm College
Challenges and Solutions in Digital Forensics: Navigating the Complexities of
Solid-State Drives
Taylor Giguere
CS 228 Computer Forensics
Dr. Adam R. Albina
April 27, 2024

Solid-state drives (SSDs) are storage devices that have gained significant popularity in recent years, especially compared to traditional hard disk drives. This surge in popularity is due to their remarkable speed in reading and writing data, low power consumption, and lack of mechanical components. However, the architecture and behavior of SSDs pose several challenges in digital forensics. Digital forensics investigators must have adequate skills to analyze and extract data from SSDs. Proper analysis and data extraction from SSDs is essential for investigators to ensure that the digital evidence collected is accurate, complete, and admissible in court. Manufacturers should be required to provide assurances that evidence is not destroyed, because of data destruction risk, integrity and reliability, and legal and ethical responsibilities.

Hard disk drives and solid-state drives differ fundamentally in their approaches to data storage and retrieval. An SSD uses integrated circuit assemblies as memory for retaining data, and it lacks any moving mechanical components. SSDs combine controller algorithms with NAND flash memory. The NAND flash memory is the primary storage component of an SSD and is partitioned into blocks and pages. The TRIM command is one way to enhance efficiency by informing the drive about unused block data; this happens automatically and not by the operating system. Data compression and error correction maximize storage capacity while preserving data integrity (Introduction to Solid-State Drive (SSD)).

On the other hand, hard disk drives consist of multiple moving components, including platters, spindles, read/write heads, tracks, and sectors. These platters are stacked on each other, with a spindle running through their center that rotates in either direction. The spindle's movement causes the platters to rotate, and each platter's surface has read and write heads to

leveling can displace data, leading to a change in the hash value, while garbage collection can impede the acquisition of data necessary for digital forensics analysis. Wear leveling is an essential feature of SSDs, which is used to distribute data evenly across the memory. It keeps a close eye on data writing frequency and saves new data in the less frequently used memory space. This technique helps to extend the life of an SSD by preventing any one area of memory from being overused. The last functionality is called garbage collection; this technique accelerates the process of rewriting in the memory. The system keeps a watchful eye on the file allocation table to independently determine which blocks are no longer used (A. Kumar 13).

The dynamic nature of SSDs is highly relevant in the field of digital forensics due to several factors. The wear-leveling algorithm in SSDs can result in data being distributed across the drive, making the traditional data recovery methods used for HDDs less effective. This forces digital forensics examiners to use techniques that reconstruct data from different locations within the drive. With traditional data recovery from an HDD, such as plugging the drive into a read/write blocker, you will see everything that is there, because HDDs do not have SSD-specific features such as TRIM and wear leveling, which delete data so that it cannot be recovered. If you plug an SSD into a read/write blocker, wear leveling and TRIM will still happen, leading to deleted files.

Solid-state drives present unique challenges in digital forensics, mainly because of their intricate features such as dynamic wear leveling, TRIM functionality, and over-provisioning. These challenges can significantly impact the reliability of evidence in a legal context, as well as data retrieval and read/write speeds. One issue with SSDs is that their garbage collection routines may continue to run even when disconnected from the computer, posing potential problems in forensic investigations (Fulton 6). It is worth noting that SSDs come equipped with a pool of reserve and an overprovisioned area, which helps with wear leveling and swap pooling. The user cannot control the automatic processes of the TRIM function and SSD garbage collection, which can affect the integrity of evidence. It isn't easy to find the encryption key without the help of an SSD controller, as most SSDs have hardware encryption. The lack of standardization among SSD manufacturers makes it challenging for forensics examiners to recover SSD data in a forensically sound manner. Nondeterministic TRIM is a significant issue for forensics imaging, and proving the evidence integrity of a nondeterministic SSD is challenging. Apart from nondeterministic TRIM, faults in SSD controllers or bugs in driver software can also create some problematic scenarios (M. Kumar 8).

SSDs could be enhanced to address the challenge of preventing data loss during forensic investigations. This can include adding an off switch to disable the drive's pre-clearing function. This would enable forensic examiners to secure and stabilize digital artwork on the drives and provide reliability in data recovery processes. Manufacturers should provide in-depth information regarding the regulations and algorithms utilized in the pre-clearing procedure of deleted files. This is because not all files are treated equally during the pre-clearing process (Fulton 27, 30).

Incorporating the suggested modifications can be highly beneficial in mitigating the risk of data loss. Adding an off-switch is particularly noteworthy among the proposed changes as it can serve as a crucial piece of evidence in a legal context. Overall, these modifications can significantly enhance the security and reliability of the system.
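The hash change between acquisitions that the essay describes can be localized by comparing two images of the same drive block by block and separating blocks that became all zeros from blocks that changed in other ways. This is an added example, not part of the original essay; the function names, the 4096-byte block size, and the in-memory sample images are assumptions constructed for illustration.

```python
import hashlib
import io

BLOCK = 4096  # comparison granularity in bytes (assumed; use a multiple of the sector size)

def to_ranges(blocks):
    """Collapse sorted block indices into inclusive (start, end) ranges."""
    ranges = []
    for b in blocks:
        if ranges and b == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], b)
        else:
            ranges.append((b, b))
    return ranges

def compare_acquisitions(first, second, block=BLOCK):
    """Compare two image streams of the same drive, block by block."""
    h1, h2 = hashlib.sha256(), hashlib.sha256()
    zeroed, modified, index = [], [], 0
    while True:
        a, b = first.read(block), second.read(block)
        if not a and not b:
            break
        if len(a) != len(b):
            raise ValueError("images differ in length; not comparable")
        h1.update(a)
        h2.update(b)
        if a != b:
            # Data in the first image, all zeros in the second: consistent with
            # the drive having cleared the block between acquisitions.
            (modified if any(b) else zeroed).append(index)
        index += 1
    return {
        "first_sha256": h1.hexdigest(),
        "second_sha256": h2.hexdigest(),
        "hashes_match": h1.digest() == h2.digest(),
        "zeroed": to_ranges(zeroed),
        "modified": to_ranges(modified),
    }

def sample_images():
    """Constructed 8-block images: blocks 2-3 cleared and block 6 altered in the second."""
    first = b"".join(bytes([i + 1]) * BLOCK for i in range(8))
    second = bytearray(first)
    second[2 * BLOCK:4 * BLOCK] = bytes(2 * BLOCK)
    second[6 * BLOCK] ^= 0xFF
    return first, bytes(second)

if __name__ == "__main__":
    img1, img2 = sample_images()
    print(compare_acquisitions(io.BytesIO(img1), io.BytesIO(img2)))
```

On real evidence the two streams would be image files opened in binary mode; documenting the zeroed ranges alongside both whole-image hashes lets an examiner account for a mismatch instead of only reporting it.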

Works Cited

Fulton, John W. "Solid State Disk Forensics: Is there a Path Forward." ProQuest (2014). https://www.proquest.com/docview/1534359347?pq-origsite=gscholar&fromopenview=true&sourcetype=Dissertations%20&%20Theses

Geier, Florian. "The Differences between SSD and HDD technology regarding forensic investigations." (2015). https://www.diva-portal.org/smash/get/diva2:824922/FULLTEXT01.pdf

Introduction to Solid-State Drive (SSD). 23 April 2024. GeeksforGeeks. 23 April 2024. https://www.geeksforgeeks.org/introduction-to-solid-state-drive-ssd/

Kumar, Avinash. "A Survey On Solid-State Drive Forensic Analysis Techniques." International Journal of Computer Science and Security (2020). https://go-gale-com.geisel.idm.oclc.org/ps/i.do?id=GALE%7CA682600880&sid=googleScholar&v=2.1&it=r&linkaccess=abs&issn=&p=AONE&sw=w&userGroupName=manc23575&aty=ip

Kumar, Manish. "Solid state drive forensics analysis—Challenges and recommendations." Concurrency and Computation: Practice and Experience 33.24 (2021). https://onlinelibrary-wiley-com.geisel.idm.oclc.org/doi/full/10.1002/cpe.

What is the hard disk architecture in operating system. n.d. 23 April 2024. https://www.educative.io/answers/what-is-the-hard-disk-architecture-in-operating-systems