Procedures for Digital Forensics and Incident Response on Including Data Integrity Constraints on Solid-State Drives (SSD) - A Literature Review
Keywords: Digital Forensics, Incident Response, SSD, HDD, Forensic Acquisition
Background/Purpose: To get evidence from suspect computers running the Windows operating system, law enforcement agencies and corporations follow many standard procedures relevant to Digital Forensics and Incident Response processes. The primary contrast between forensics and incident response is that forensics is evidence-driven and is often more closely connected with criminal activity, while incident response is more focused on discovering, containing, and recovering from security breach incidents. A guideline is often intended to simplify certain procedures in accordance with a predefined routine or good practice. As data storage technology progresses from hard disc drives (HDDs) to solid-state drives (SSDs), it has become more difficult for Digital Forensics Analysts to perform evidence acquisition tasks from suspicious systems due to file integrity issues. Existing forensic principles and methods were created mostly on the basis of hard disc drive technology. This literature survey analyses several guidelines to identify gaps in addressing SSD forensic challenges and makes recommendations for improvement.
Objective: To survey leading Digital Forensics and Incident Response guidelines on how SSD forensic acquisition procedures are outlined and to find the gaps and suggest enhancements that might be made.
Design/Methodology/Approach: Data from academic papers, web articles, and other sources is analysed and presented using ABCD analysis.
Findings/Results: A Cyber Security Framework (CSF) is a vital aspect of an organisation's strategy to safeguard its IT assets from cyber assaults and other forms of damage. Most organisations use the NIST framework since it is generally acknowledged. However, owing to rapid advances in new technologies, CSFs need to be kept up to date in order to confront emerging cyber security threats. After verifying the policy framework of NIST 800-61, it was determined that the SSD forensic gathering approach, which raises problems about data integrity, has not been addressed.
Originality/Value: A study comparing and contrasting different CSFs in the field of Digital Forensics and Incident Response with the most recent emerging technologies will draw more attention to this area from a wider range of stakeholders, allowing the policy framework to keep pace with the most recent emerging technologies in the same time frame.
Paper Type: Literature Review Paper.