Forensic potentials of solid state drives

Zubair Shah; Abdun Naser Mahmood; Jill Slay

doi:10.1007/978-3-319-23802-9_11

Forensic potentials of solid state drives

Zubair Shah^*, Abdun Naser Mahmood, Jill Slay

^*Corresponding author for this work

University of New South Wales

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

6 Citations (Scopus)

Abstract

Extracting useful information from Solid State Drives (SSD) is a challenging but important forensic task. However, there are opposing views [14,15,22] that (1) SSDs destroy the forensics evidences automatically and (2) even after sanitization of SSDs, data can be recovered. This paper investigates this issue and reports experimental findings that identify the reason why certain SSDs seem to destroy forensic evidences while other SSDs do not. The experiments provide insight and analyses of the behaviour of SSDs when certain software components, such as Background Garbage Collector (BGC) and Operating System functions, such as TRIM, are executed on the SSD.

Original language	English
Title of host publication	International Conference on Security and Privacy in Communication Networks - 10th International ICST Conference, SecureComm 2014, Revised Selected Papers
Editors	Mudhakar Srivatsa, Jing Tian, Jiwu Jing
Publisher	Springer Verlag
Pages	113-126
Number of pages	14
ISBN (Print)	9783319238012
DOIs	https://doi.org/10.1007/978-3-319-23802-9_11
Publication status	Published - 2015
Externally published	Yes
Event	10th International Conference on Security and Privacy in Communication Networks, SecureComm 2014 - Beijing, China Duration: 24 Sept 2014 → 26 Sept 2014

Publication series

Name	Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume	153
ISSN (Print)	1867-8211

Conference

Conference	10th International Conference on Security and Privacy in Communication Networks, SecureComm 2014
Country/Territory	China
City	Beijing
Period	24/09/14 → 26/09/14

Keywords

Forensics
SSD
Solid state drives

Access to Document

10.1007/978-3-319-23802-9_11

Cite this

Shah, Z., Mahmood, A. N., & Slay, J. (2015). Forensic potentials of solid state drives. In M. Srivatsa, J. Tian, & J. Jing (Eds.), International Conference on Security and Privacy in Communication Networks - 10th International ICST Conference, SecureComm 2014, Revised Selected Papers (pp. 113-126). (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 153). Springer Verlag. https://doi.org/10.1007/978-3-319-23802-9_11

Shah, Zubair ; Mahmood, Abdun Naser ; Slay, Jill. / Forensic potentials of solid state drives. International Conference on Security and Privacy in Communication Networks - 10th International ICST Conference, SecureComm 2014, Revised Selected Papers. editor / Mudhakar Srivatsa ; Jing Tian ; Jiwu Jing. Springer Verlag, 2015. pp. 113-126 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST).

@inproceedings{cb888a6d2dd2461aaf3f5020704ae6ca,

title = "Forensic potentials of solid state drives",

abstract = "Extracting useful information from Solid State Drives (SSD) is a challenging but important forensic task. However, there are opposing views [14,15,22] that (1) SSDs destroy the forensics evidences automatically and (2) even after sanitization of SSDs, data can be recovered. This paper investigates this issue and reports experimental findings that identify the reason why certain SSDs seem to destroy forensic evidences while other SSDs do not. The experiments provide insight and analyses of the behaviour of SSDs when certain software components, such as Background Garbage Collector (BGC) and Operating System functions, such as TRIM, are executed on the SSD.",

keywords = "Forensics, SSD, Solid state drives",

author = "Zubair Shah and Mahmood, {Abdun Naser} and Jill Slay",

note = "Publisher Copyright: {\textcopyright} Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2015.; 10th International Conference on Security and Privacy in Communication Networks, SecureComm 2014 ; Conference date: 24-09-2014 Through 26-09-2014",

year = "2015",

doi = "10.1007/978-3-319-23802-9_11",

language = "English",

isbn = "9783319238012",

series = "Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST",

publisher = "Springer Verlag",

pages = "113--126",

editor = "Mudhakar Srivatsa and Jing Tian and Jiwu Jing",

booktitle = "International Conference on Security and Privacy in Communication Networks - 10th International ICST Conference, SecureComm 2014, Revised Selected Papers",

address = "Germany",

}

Shah, Z, Mahmood, AN & Slay, J 2015, Forensic potentials of solid state drives. in M Srivatsa, J Tian & J Jing (eds), International Conference on Security and Privacy in Communication Networks - 10th International ICST Conference, SecureComm 2014, Revised Selected Papers. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST, vol. 153, Springer Verlag, pp. 113-126, 10th International Conference on Security and Privacy in Communication Networks, SecureComm 2014, Beijing, China, 24/09/14. https://doi.org/10.1007/978-3-319-23802-9_11

Forensic potentials of solid state drives. / Shah, Zubair; Mahmood, Abdun Naser; Slay, Jill.
International Conference on Security and Privacy in Communication Networks - 10th International ICST Conference, SecureComm 2014, Revised Selected Papers. ed. / Mudhakar Srivatsa; Jing Tian; Jiwu Jing. Springer Verlag, 2015. p. 113-126 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 153).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Forensic potentials of solid state drives

AU - Shah, Zubair

AU - Mahmood, Abdun Naser

AU - Slay, Jill

N1 - Publisher Copyright: © Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2015.

PY - 2015

Y1 - 2015

N2 - Extracting useful information from Solid State Drives (SSD) is a challenging but important forensic task. However, there are opposing views [14,15,22] that (1) SSDs destroy the forensics evidences automatically and (2) even after sanitization of SSDs, data can be recovered. This paper investigates this issue and reports experimental findings that identify the reason why certain SSDs seem to destroy forensic evidences while other SSDs do not. The experiments provide insight and analyses of the behaviour of SSDs when certain software components, such as Background Garbage Collector (BGC) and Operating System functions, such as TRIM, are executed on the SSD.

AB - Extracting useful information from Solid State Drives (SSD) is a challenging but important forensic task. However, there are opposing views [14,15,22] that (1) SSDs destroy the forensics evidences automatically and (2) even after sanitization of SSDs, data can be recovered. This paper investigates this issue and reports experimental findings that identify the reason why certain SSDs seem to destroy forensic evidences while other SSDs do not. The experiments provide insight and analyses of the behaviour of SSDs when certain software components, such as Background Garbage Collector (BGC) and Operating System functions, such as TRIM, are executed on the SSD.

KW - Forensics

KW - SSD

KW - Solid state drives

UR - http://www.scopus.com/inward/record.url?scp=84952329734&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-23802-9_11

DO - 10.1007/978-3-319-23802-9_11

M3 - Conference contribution

AN - SCOPUS:84952329734

SN - 9783319238012

T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST

SP - 113

EP - 126

BT - International Conference on Security and Privacy in Communication Networks - 10th International ICST Conference, SecureComm 2014, Revised Selected Papers

A2 - Srivatsa, Mudhakar

A2 - Tian, Jing

A2 - Jing, Jiwu

PB - Springer Verlag

T2 - 10th International Conference on Security and Privacy in Communication Networks, SecureComm 2014

Y2 - 24 September 2014 through 26 September 2014

ER -

Shah Z, Mahmood AN, Slay J. Forensic potentials of solid state drives. In Srivatsa M, Tian J, Jing J, editors, International Conference on Security and Privacy in Communication Networks - 10th International ICST Conference, SecureComm 2014, Revised Selected Papers. Springer Verlag. 2015. p. 113-126. (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST). doi: 10.1007/978-3-319-23802-9_11

Forensic potentials of solid state drives

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this