Solid state drives and the forensic process
Abstract
This study identified, acquired, validated, and analyzed digital evidence from a sample set of 3rd generation Solid State Drives. This digital evidence depicts and predicts the typical routines of Solid State Drives. Strict forensic procedures were followed to ensure accuracy, validity and reproducibility of the results. The goal of this study was to identify and compare the evidential recovery of several 3rd generation Solid State Drives using standard forensic procedures. This study showed that approximately 70% of data was recovered from a solid state while being utilized as a secondary storage device without TRIM enabled. Additionally, 0% of data was recoverable when TRIM was enabled, although file names and properties were still intact. The study further showed that when a solid state is implemented as a primary storage device with Windows 7 installed, there was a 0% chance for recovery of any evidence, whether it be file content, file names, or properties. In closing, advise for areas of future research are also suggested.
Degree
M.S.
Advisors
Rogers, Purdue University.
Subject Area
Computer science
Off-Campus Purdue Users:
To access this dissertation, please log in to our
proxy server.