Title: A Comparative Study of the Performance of Open-Source and Proprietary Disk Forensic Tools in Recovery of Anti-Forensically Doctored Data

Issue Number: Vol. 8, No. 4
Year of Publication: Dec - 2019
Page Numbers: 250-261
Authors: Sonu Mandecha, Kumarshankar Raychaudhuri, M. George Christopher
Journal Name: International Journal of Cyber-Security and Digital Forensics (IJCSDF)
- Hong Kong
DOI:  http://dx.doi.org/10.17781/P002624

Abstract:


Digital Forensics is the technique used for the investigation of crimes related to computers and other digital or electronic devices such as mobile phones, tablets etc. It includes different stages such as collection, extraction, preservation, examination, analysis and documentation of data from different digital storage devices such as hard disks, USB thumb drives, CDs, DVDs etc. In order to evade the digital forensic tools, the criminals or perpetrators use methods and techniques to hide the data or destroy the evidence, which is known as Anti-Forensics. In this research work, our aim is to use open-source and proprietary disk forensic tools to attempt in recovering anti-forensically doctored data. Various anti-forensic tools and techniques are used for hiding data items or manipulating their metadata properties, onto digital exhibits such as USB thumb drive. After performing anti-forensics, the exhibit is examined and analysed using different types of disk forensic tools in an effort to recover the traces of hidden and manipulated data items. Lastly, a comparative analysis is done to determine the relative performances of the disk forensic tools. The results would prove useful for forensic experts to apply appropriate forensic tools for recovering evidences efficiently even when anti-forensics have been done.