Title: A Comparative Study of Analysis and Extraction of Digital Forensic Evidences from exhibits using Disk Forensic Tools

Issue Number: Vol. 8, No. 3
Year of Publication: Sep - 2019
Page Numbers: 194-205
Authors: Kumarshankar Raychaudhuri
Journal Name: International Journal of Cyber-Security and Digital Forensics (IJCSDF) - Hong Kong
DOI: http://dx.doi.org/10.17781/P002608


Digital exhibits found at a crime scene, such as USB drives and external hard disks, contain evidence of essential value. Forensic imaging of exhibits, an indispensable part of digital forensic examination, provides not only all the active files and directories but also deleted or hidden data from the storage device. Various open-source and proprietary forensic tools are available for acquiring data from digital exhibits. However, an exhibit may have been wiped, formatted, overwritten multiple times, or had its data permanently deleted. A critical question therefore arises regarding the type and amount of data that might be recoverable. The primary objective of this research work is to compare and analyse the performance of open-source and proprietary disk forensic tools in recovering data from storage devices. Different samples of USB thumb drives are created, and artifacts are acquired using both open-source and proprietary tools. Based on the results, a comparative analysis is done to determine the performance of the tools. The results of this research will help forensic examiners choose the appropriate forensic tool for enhanced examination of different cases of cyber-crime investigation.