INFORMATION CHANGE THE WORLD

International Journal of Computer Network and Information Security(IJCNIS)

ISSN: 2074-9090 (Print), ISSN: 2074-9104 (Online)

Published By: MECS Press

IJCNIS Vol.10, No.5, May. 2018

Forensics Image Acquisition Process of Digital Evidence

Full Text (PDF, 524KB), PP.1-8


Views:68   Downloads:1

Author(s)

Erhan Akbal, Sengul Dogan

Index Terms

Forensic copy;image acquisition;digital forensics;digital evidence

Abstract

For solving the crimes committed on digital materials, they have to be copied. An evidence must be copied properly in valid methods that provide legal availability. Otherwise, the material cannot be used as an evidence. Image acquisition of the materials from the crime scene by using the proper hardware and software tools makes the obtained data legal evidence. Choosing the proper format and verification function when image acquisition affects the steps in the research process. For this purpose, investigators use hardware and software tools. Hardware tools assure the integrity and trueness of the image through write-protected method. As for software tools, they provide usage of certain write-protect hardware tools or acquisition of the disks that are directly linked to a computer. Image acquisition through write-protect hardware tools assures them the feature of forensic copy. Image acquisition only through software tools do not ensure the forensic copy feature. During the image acquisition process, different formats like E01, AFF, DD can be chosen. In order to provide the integrity and trueness of the copy, hash values have to be calculated using verification functions like SHA and MD series. In this study, image acquisition process through hardware-software are shown. Hardware acquisition of a 200 GB capacity hard disk is made through Tableau TD3 and CRU Ditto. The images of the same storage are taken through Tableau, CRU and RTX USB bridge and through FTK imager and Forensic Imager; then comparative performance assessment results are presented. 

Cite This Paper

Erhan Akbal, Sengul Dogan,"Forensics Image Acquisition Process of Digital Evidence", International Journal of Computer Network and Information Security(IJCNIS), Vol.10, No.5, pp.1-8, 2018.DOI: 10.5815/ijcnis.2018.05.01

Reference

[1]A. Lazzez, T. Slimani,"Forensics Investigation of Web Application Security Attacks", International Journal of Computer Network and Information Security, vol.7, no.3, pp.10-17, 2015.DOI: 10.5815/ijcnis.2015.03.02. 

[2]Y. Prayudi, A. Ashari, T. K. Priyambodo, “A Proposed Digital Forensics Business Model to Support Cybercrime Investigation in Indonesia”. International Journal of Computer Network and Information Security, vol. 7 no. 11, 1, 2015.

[3]J. Sharma, M. Singh, "CUDA based Rabin-Karp Pattern Matching for Deep Packet Inspection on a Multicore GPU", International Journal of Computer Network and Information Security, vol.7, no.10, pp. 70-77, 2015.DOI: 10.5815/ijcnis.2015.10.08.

[4]S. Jaiswal, S. Dhavale, “Video Forensics in Temporal Domain using Machine Learning Techniques”. International Journal of Computer Network and Information Security, vol. 5 no. 9, 58, 2013. 

[5]Y. Vural, Ş. Sağıroğlu, “A Review on Enterprise Information Security and Standards”. Journal of the Faculty of Engineering and Architecture of Gazi University, vol. 23 no. 2, 2008.

[6]M. Geddes, P. B. Zadeh, “Forensic analysis of private browsing. In Cyber Security and Protection of Digital Services (Cyber Security)”, 2016 International Conference On, pp. 1-2. IEEE, 2016.

[7]K. Conlan, L. Baggili, F. Breitinger, “Anti-forensics: Furthering digital forensic science through a new extended, granular taxonomy”. Digital Investigation, vol. 18, pp. 66-75, 2016.

[8]B. Carrier, “File system forensic analysis”. Addison-Wesley Professional, 2005.

[9]U. Akalın, Ç. Uluyol, “Mobile Devices, Mobile Forensic Informatics and Proposed Process Model”, XVIII. Akademik Bilişim Konferansı, 2016.

[10]A. Agarwal, M. Gupta, S. Gupta, C. S. Gupta, “Systematic Digital Forensic Investigation Model”.  International Journal of Computer Science and Security (IJCSS), vol. 5, no. 1, pp.118, 2011.

[11]K. K. Sindhu, B. B. Meshram, “Digital Forensic Investigation Tools and Procedures”. International Journal of Computer Network and Information Security, vol. 4 no. 4, 39, 2012.

[12]R. Ceylan, A. S. Şirikçi, “Information Technologies Review - Data Reviews”, Forensic Science, 2, Editor: Cihangiroğlu, B., Gendarmerie Criminal Department Publications, Ankara, pp. 152-174, 2011.

[13]D. Garza, “Data Acquisition and Duplication”, Computer Forensics Investigating Data & Image Files, Editor: Garza, D., EC-Council, NY, pp. 65-94, 2010.

[14]J. Wiles, A. Reyes, The Best Damn Cybercrime and Digital Forensics Book Period. Syngress.

[15]R. Lutui, “A multidisciplinary digital forensic investigation process model”, Business Horizons, vol. 59 no. 6, pp. 593-604, 2011.

[16]B. J. Nikkel, “Forensic acquisition and analysis of magnetic tapes”. Digital investigation, vol. 2 no. 1, 8-18, 2005.

[17]M. Hirwani, Y. Pan, B. Stackpole, D. Johnson, “Forensic acquisition and analysis of vmware virtual hard disks”. In Proceedings of the International Conference on Security and Management (SAM) (The Steering Committee of the World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp), 1, 2012.

[18]E. Casey, “Digital evidence and computer crime: Forensic science, computers, and the internet”. Academic press, 2011.

[19]B. Nelson, A. Phillips, C. Steuart, Guide to computer forensics and investigations. Cengage Learning, 2014.

[20]N. Beebe, “Digital forensic research: The good, the bad and the unaddressed”. In IFIP International Conference on Digital Forensics. Springer Berlin Heidelberg, pp. 17-36, 2009.

[21]P. H. Yen, C. H. Yang, T. N. Ahn, “Design and implementation of a live-analysis digital forensic system”. In Proceedings of the 2009 international Conference on Hybrid Information Technology, pp. 239-243. ACM, 2009.

[22]A. Brinson, A. Robinson, M. Rogers, “A cyber forensics ontology: Creating a new approach to studying cyber forensics”. Digital Investigation, vol. 3, pp. 37-43, 2006.

[23]D. Manson, A. Carlin, S. Ramos, A. Gyger, M. Kaufman, J. Treichelt, “Is the open way a better way? Digital forensics using open source tools”. In System Sciences, 2007. HICSS 2007. 40th Annual Hawaii International Conference on, pp. 266b-266b. IEEE, 2007.

[24]T. Vidas, B. Kaplan, M. Geiger, “OpenLV: Empowering investigators and first-responders in the digital forensics process”. Digital Investigation, vol. 11, pp. S45-S53, 2014.

[25]F. Carbone, Computer forensics with FTK. Packt Publishing Ltd, 2014.

[26]D. Manson, A. Carlin, S. Ramos, A. Gyger, M. Kaufman, J. Treichelt, “Is the open way a better way? Digital forensics using open source tools”. In System Sciences, 2007. HICSS 2007. 40th Annual Hawaii International Conference on, pp. 266b-266b. IEEE, 2007.

[27]V. R. Ambhire, B. B. Meshram, “Digital forensic tools”. IOSR Journal of Engineering, vol. 2, no. 3, pp. 392-398, 2012.

[28]M. K. Rogers, K. Seigfried, “The future of computer forensics: a needs analysis survey”. Computers & Security, vol. 23, no. 1, pp. 12-16, 2004.