Uploaded bydandb-technology
540 views

Digital forensics

Digital forensics is the scientific analysis of electronic devices as evidence in court. SSDs present challenges for digital forensics due to background processes like garbage collection that can erase data, including evidence a suspect tried to delete. Traditional methods of acquiring and authenticating drive images using write blockers and MD5 hashes may not work for SSDs due to data being relocated and erased during garbage collection. Special procedures are needed to properly acquire and authenticate evidence from SSDs.

Embed presentation

Digital Forensics SSDs
Digital Forensics is the scientific process and analysis of electronic data/devices as evidence for use in a court of law.
Roles of digital devices in a crime Contraband material - Selling a company computer - Illegal downloads Tool for the crime - Modifying a company balance sheet Incidental to the crime - Drug dealer storing his buyers/sellers on a phone
6 A's of Computer Forensics •  Assessment •  Acquisition •  Authentication •  Analysis •  Articulation •  Archival
6 A's of Computer Forensics •  Assessment •  Acquisition •  Authentication •  Analysis •  Articulation •  Archival
Acquisition - Traditional hard drives Suspect Write Drive Blocker Your System Imaging a Your drive Forensic Drive
Authentication Your Suspect Forensic Drive Drive Matching md5 hash
SSD •  SSD are masked by the SSD Controller to look like a traditional hard drive SSD Flash Memory Controller SATA + Power Flash Memory
SSD •  SSD are masked by the SSD Controller to look like a traditional hard drive •  Unreliable 1's and 0's o  All "not in use" blocks must be erased before being used again 0 New data Old Data 1
SSD •  SSD are masked by the SSD Controller to look like a traditional hard drive •  Unreliable 1's and 0's o  All "not in use" blocks must be erased before being used again •  Garbage Collection - background process
Problems with SSD Once the power is connected to the SSD, the garbage collection process physically begins to erase blocks marked as "not in use".
Acquisition - SSD Suspect Write Drive Blocker Your System Imaging the Your drive Forensic Drive
Acquisition - SSD Suspect Write Drive Blocker Your System Imaging the Your drive Forensic Drive
Authentication Your Suspect Forensic Drive Drive Different md5 hash
Problems with SSD Once the power is connected to the SSD, the garbage collection process physically begins to erase blocks marked as "not in use". •  Different md5 hashes •  Evidence that the suspect tried to delete may be removed because of garbage collection
The End

More Related Content

PPTX
Memory Forensics
byAnshul Tayal
 
PPT
Introduction to computer forensic
byOnline
 
PPTX
Forensic imaging
byDINESH KAMBLE
 
PDF
A brief Intro to Digital Forensics
byManik Bhola
 
PPTX
Network forensic
byManjushree Mashal
 
PPTX
L6 Digital Forensic Investigation Tools.pptx
byBhupeshkumar Nanhe
 
PPTX
Mobile Forensics
byabdullah roomi
 
PPTX
Data recovery
byAbhinav Parihar
 
Memory Forensics
byAnshul Tayal
 
Introduction to computer forensic
byOnline
 
Forensic imaging
byDINESH KAMBLE
 
A brief Intro to Digital Forensics
byManik Bhola
 
Network forensic
byManjushree Mashal
 
L6 Digital Forensic Investigation Tools.pptx
byBhupeshkumar Nanhe
 
Mobile Forensics
byabdullah roomi
 
Data recovery
byAbhinav Parihar
 

What's hot

PDF
FTK-Tutorial.pdf windows imager for IT professionals
byghkchk44
 
PPTX
11 brain finger printing
byPREMKUMAR
 
PDF
Cyber Forensics Module 1
byManu Mathew Cherian
 
PPTX
Image processing in forensic science
byvenati munishareddy
 
PDF
Steganography and steganalysis
bySaloniGoyal45
 
PPTX
Password Cracking
bySagar Verma
 
PPT
Malware forensics
bySameera Amjad
 
PDF
Introduction to Digital Forensics and Evidences Aquasation.pdf
byAbhijit Bodhe
 
PPTX
Digital evidence
byRajeshPatil191
 
PPTX
Cybercrime Investigation | Cybersecurity | PPT
byCyber Security Experts
 
PPT
Cyber crime and forensic
bySANTANU KUMAR DAS
 
ODT
Operating System Forensics
byArunJS5
 
PPTX
Cryptography and steganography
byJishnu Grandhi
 
PPTX
Digital Evidence by Raghu Khimani
byDr Raghu Khimani
 
PPTX
seminar presentation on Face ricognition technology
byJawhar Ali
 
PPTX
Symmetric and asymmetric key
byTriad Square InfoSec
 
PPT
Cyber forensics
bypranjal dutta
 
PPTX
Network Forensics
byprimeteacher32
 
PPTX
CHA & LBA Addressing
byDINESH KAMBLE
 
PPT
Data recovery
byMir Majid
 
FTK-Tutorial.pdf windows imager for IT professionals
byghkchk44
 
11 brain finger printing
byPREMKUMAR
 
Cyber Forensics Module 1
byManu Mathew Cherian
 
Image processing in forensic science
byvenati munishareddy
 
Steganography and steganalysis
bySaloniGoyal45
 
Password Cracking
bySagar Verma
 
Malware forensics
bySameera Amjad
 
Introduction to Digital Forensics and Evidences Aquasation.pdf
byAbhijit Bodhe
 
Digital evidence
byRajeshPatil191
 
Cybercrime Investigation | Cybersecurity | PPT
byCyber Security Experts
 
Cyber crime and forensic
bySANTANU KUMAR DAS
 
Operating System Forensics
byArunJS5
 
Cryptography and steganography
byJishnu Grandhi
 
Digital Evidence by Raghu Khimani
byDr Raghu Khimani
 
seminar presentation on Face ricognition technology
byJawhar Ali
 
Symmetric and asymmetric key
byTriad Square InfoSec
 
Cyber forensics
bypranjal dutta
 
Network Forensics
byprimeteacher32
 
CHA & LBA Addressing
byDINESH KAMBLE
 
Data recovery
byMir Majid
 

Similar to Digital forensics

PPTX
Solid state drive
byPrateek Kumawat
 
PPT
Solid state drives
byManmath Agarwal
 
PDF
Digital_Forensics_Detailed_Presentationpdf
bySaurabhShukla228405
 
PPTX
Types of Computer, Types of CPU
bysilkysaintra
 
PDF
SSD Seminar Report
byVishalKSetti
 
DOCX
Solid State Drives - Seminar Report for Semester 6 Computer Engineering - VIT...
byravipbhat
 
PPTX
Computer System Hardware
bybailumanog
 
PPTX
A solid-state drive (SSD) is a type of solid-state storage device that uses i...
byniveatha1
 
DOC
Computer storage devices
byssuser1eca7d
 
PPT
Fs Ch 18
bywarren142
 
PDF
seminar.pdf
byRohitSalve20
 
PPTX
Protecting Hosts
byprimeteacher32
 
PDF
Accessing Forensic Images
byCTIN
 
PDF
ESI Recoveries from Solid State Drive Technology – New Challenges
byDriveSavers Data Recovery
 
PDF
Generic SAN Acceleration White Paper DRAFT
byMike Mendola (mendola@comcast.net)
 
PPTX
Storage
bywardjo
 
PPS
intro to forensics
byPardhasaradhi ch
 
PDF
Reliability Of Solid State Drives 2008
byAndrei Khurshudov
 
DOCX
check+draft+document
bytheextraaedge
 
PPTX
F.d.
byDev Mundhra
 
Solid state drive
byPrateek Kumawat
 
Solid state drives
byManmath Agarwal
 
Digital_Forensics_Detailed_Presentationpdf
bySaurabhShukla228405
 
Types of Computer, Types of CPU
bysilkysaintra
 
SSD Seminar Report
byVishalKSetti
 
Solid State Drives - Seminar Report for Semester 6 Computer Engineering - VIT...
byravipbhat
 
Computer System Hardware
bybailumanog
 
A solid-state drive (SSD) is a type of solid-state storage device that uses i...
byniveatha1
 
Computer storage devices
byssuser1eca7d
 
Fs Ch 18
bywarren142
 
seminar.pdf
byRohitSalve20
 
Protecting Hosts
byprimeteacher32
 
Accessing Forensic Images
byCTIN
 
ESI Recoveries from Solid State Drive Technology – New Challenges
byDriveSavers Data Recovery
 
Generic SAN Acceleration White Paper DRAFT
byMike Mendola (mendola@comcast.net)
 
Storage
bywardjo
 
intro to forensics
byPardhasaradhi ch
 
Reliability Of Solid State Drives 2008
byAndrei Khurshudov
 
check+draft+document
bytheextraaedge
 
F.d.
byDev Mundhra
 

More from dandb-technology

PPTX
7 Baby Steps to Financial Freedom - Dave Ramsey
bydandb-technology
 
PPT
Place cells
bydandb-technology
 
PPTX
Mythical Man-Month
bydandb-technology
 
PDF
DNA as Storage Medium
bydandb-technology
 
PPTX
Buying a car
bydandb-technology
 
PPTX
How to Fail at Almost Everything and Still Win Big by Scott Adams - Book Review
bydandb-technology
 
PPTX
Blackhat 2014 Conference and Defcon 22
bydandb-technology
 
PPTX
Amazon Web Services (AWS) - A Brief Introduction
bydandb-technology
 
PDF
Web Accelerators
bydandb-technology
 
PPTX
Tips on Effective Development
bydandb-technology
 
PPTX
Meteor
bydandb-technology
 
PPTX
PDQ C++ Uml state Machines
bydandb-technology
 
PPTX
Big Data Lightning Talk - JRowe
bydandb-technology
 
PPTX
Infinite complexity
bydandb-technology
 
PPT
Performative Ecologies
bydandb-technology
 
PPTX
Jmock testing
bydandb-technology
 
PPTX
The state of social network data mining
bydandb-technology
 
7 Baby Steps to Financial Freedom - Dave Ramsey
bydandb-technology
 
Place cells
bydandb-technology
 
Mythical Man-Month
bydandb-technology
 
DNA as Storage Medium
bydandb-technology
 
Buying a car
bydandb-technology
 
How to Fail at Almost Everything and Still Win Big by Scott Adams - Book Review
bydandb-technology
 
Blackhat 2014 Conference and Defcon 22
bydandb-technology
 
Amazon Web Services (AWS) - A Brief Introduction
bydandb-technology
 
Web Accelerators
bydandb-technology
 
Tips on Effective Development
bydandb-technology
 
Meteor
bydandb-technology
 
PDQ C++ Uml state Machines
bydandb-technology
 
Big Data Lightning Talk - JRowe
bydandb-technology
 
Infinite complexity
bydandb-technology
 
Performative Ecologies
bydandb-technology
 
Jmock testing
bydandb-technology
 
The state of social network data mining
bydandb-technology
 

Digital forensics

  • 1.
  • 2.
    Digital Forensics isthe scientific process and analysis of electronic data/devices as evidence for use in a court of law.
  • 3.
    Roles of digitaldevices in a crime Contraband material - Selling a company computer - Illegal downloads Tool for the crime - Modifying a company balance sheet Incidental to the crime - Drug dealer storing his buyers/sellers on a phone
  • 4.
    6 A's ofComputer Forensics •  Assessment •  Acquisition •  Authentication •  Analysis •  Articulation •  Archival
  • 5.
    6 A's ofComputer Forensics •  Assessment •  Acquisition •  Authentication •  Analysis •  Articulation •  Archival
  • 6.
    Acquisition - Traditionalhard drives Suspect Write Drive Blocker Your System Imaging a Your drive Forensic Drive
  • 7.
    Authentication Your Suspect Forensic Drive Drive Matching md5 hash
  • 8.
    SSD •  SSD are masked by the SSD Controller to look like a traditional hard drive SSD Flash Memory Controller SATA + Power Flash Memory
  • 9.
    SSD •  SSD are masked by the SSD Controller to look like a traditional hard drive •  Unreliable 1's and 0's o  All "not in use" blocks must be erased before being used again 0 New data Old Data 1
  • 10.
    SSD •  SSD are masked by the SSD Controller to look like a traditional hard drive •  Unreliable 1's and 0's o  All "not in use" blocks must be erased before being used again •  Garbage Collection - background process
  • 11.
    Problems with SSD Oncethe power is connected to the SSD, the garbage collection process physically begins to erase blocks marked as "not in use".
  • 12.
    Acquisition - SSD Suspect Write Drive Blocker Your System Imaging the Your drive Forensic Drive
  • 13.
    Acquisition - SSD Suspect Write Drive Blocker Your System Imaging the Your drive Forensic Drive
  • 14.
    Authentication Your Suspect Forensic Drive Drive Different md5 hash
  • 15.
    Problems with SSD Oncethe power is connected to the SSD, the garbage collection process physically begins to erase blocks marked as "not in use". •  Different md5 hashes •  Evidence that the suspect tried to delete may be removed because of garbage collection
  • 16.