Implementation of Live Forensic Method on Fusion Hard Disk Drive (HDD) and Solid State Drive (SSD) RAID 0 Configuration TRIM Features

Desti Mualfah, Rizdqi Akbar Ramadhan, Muhammad Arrafi Arrasyid

Abstract


One of the solutions used for access speeds is to maximize non-volatile storage functions by a conventional Hard Disk Driver with Solid State Drive that has the TRIM architecture using the Redundant Array of Inexpensive Disks 0 configuration or the commonly known RAID 0. RAID 0 is a stripping technique that has the highest speed among other RAID configurations. However, this configuration has a disadvantage in that when there is damage to one of the storage disks all the data will be corrupted and lost. It's becoming one of the challenges in digital forensic investigation when it comes to computer crime. Furthermore, this research uses experimental practices using live forensic methods to perform analysis and examination against the merger of HDD and SSD configuration RAID 0 TRIM features. The expected is an overview of the characteristics of recovery capability to find out the authenticity integrity values of files that have been lost or permanently deleted on both TRIM SSD functions disable and enable. Furthermore, this research is expected to be a solution for the experimental and practical investigation of computer crime especially in Indonesia given the increasing development of technology that is directly compared with the rise in computer crime. 


Keywords


HDD, SSD, RAID 0, live forensic, recovery file

References


[1] D. Mualfah and R. A. Ramadhan, “Analisis Forensik Metadata Kamera CCTV Sebagai Alat Bukti Digital,” Digit. Zo. J. Teknol. Inf. dan Komun., vol. 11, no. 2, pp. 257–267, 2020, doi: 10.31849/digitalzone.v11i2.5174.

[2] D. Mualfah and R. A. Ramadhan, “Analisis Digital Forensik Rekaman Kamera CCTV Menggunakan Metode NIST (National Institute of Standards Technology),” IT J. Res. Dev., vol. 5, no. 2, pp. 171–182, 2020, doi: 10.25299/itjrd.2021.vol5(2).5731.

[3] K. S. Singh, A. Irfan, and N. Dayal, “Cyber Forensics and Comparative Analysis of Digital Forensic Investigation Frameworks,” … Syst. Comput. Networks …, 2019, [Online]. Available: https://ieeexplore.ieee.org/abstract/document/9036214/. doi: 3. 10.1109/ISCON47742.2019.9036214

[4] R. A. Ramadhan and D. Mualfah, “Implementasi Metode National Institute of Justice (NIJ) Pada Fitur TRIM SOLID STATE DRIVE (SSD) Dengan Objek Eksperimental Sistem Operasi Windows, Linux dan Macintosh,” IT J. Res. Dev., vol. 5, no. 2, pp. 183–192, 2020, doi: 10.25299/itjrd.2021.vol5(2).5750.

[5] R. A. Ramadhan, Y. Prayudi, and B. Sugiantoro, “Implementasi dan Analisis Forensika Digital Pada Fitur Trim Solid State Drive (SSD),” Teknomatika, vol. 9, no. 2, pp. 1–13, 2017, [Online]. Available: http://teknomatika.stmikayani.ac.id/wp-content/uploads/2017/07/1.pdf.

[6] J. Hao, Y. Li, X. Chen, and T. Zhang, “Mitigate HDD Fail-Slow by Pro-actively Utilizing System-level Data Redundancy with Enhanced HDD Controllability and Observability,” IEEE Symp. Mass Storage Syst. Technol., vol. 2019-May, pp. 205–216, 2019, doi: 10.1109/MSST.2019.000-2.

[7] M. Kishani, S. Ahmadian, and H. Asadi, “A Modeling Framework for Reliability of Erasure Codes in SSD Arrays,” IEEE Trans. Comput., vol. 69, no. 5, pp. 649–665, 2020, doi: 10.1109/TC.2019.2962691.

[8] Y. Zhou, F. Wu, W. Huang, and C. Xie, “LiveSSD: A Low-Interference RAID Scheme for Hardware Virtualized SSDs,” IEEE Trans. Comput. Des. Integr. Circuits Syst., vol. 40, no. 7, pp. 1354–1366, 2021, doi: 10.1109/TCAD.2020.3015908.

[9] A. Singh, R. A. Ikuesan, and H. Venter, “Secure Storage Model for Digital Forensic Readiness,” IEEE Access, 2022, [Online]. Available: https://ieeexplore.ieee.org/abstract/document/9713877/. doi: 9. 10.1109/ACCESS.2022.3151403

[10] Z. Shen, L. Han, C. Ma, Z. Jia, T. Li, and Z. Shao, “Leveraging the Interplay of RAID and SSD for Lifetime Optimization of Flash-Based SSD RAID,” IEEE Trans. Comput. Des. Integr. Circuits Syst., vol. 40, no. 7, pp. 1395–1408, 2021, doi: 10.1109/TCAD.2020.3020495.

[11] C. H. Chang and C. W. Chang, “Adaptive Memory and Storage Fusion on Non-Volatile One-Memory System,” Proc. - 2019 IEEE Non-Volatile Mem. Syst. Appl. Symp. NVMSA 2019, pp. 1–6, 2019, doi: 10.1109/NVMSA.2019.8863521.

[12] J. Li, Z. Sha, Z. Cai, F. Trahay, and J. Liao, “Patch-Based Data Management for Dual-Copy Buffers in RAID-Enabled SSDs,” IEEE Trans. Comput. Des. Integr. Circuits Syst., vol. 39, no. 11, pp. 3956–3967, 2020, doi: 10.1109/TCAD.2020.3012252.

[13] G. Sibiya, H. S. Venter, and T. Fogwill, Procedures for a harmonised digital forensic process in live forensics. researchspace.csir.co.za, 2012.

[14] W. Pranoto, I. Riadi, and Y. Prayudi, “Perbandingan Tools Forensics pada Fitur TRIM SSD NVMe Menggunakan Metode Live Forensics,” It J. Res. Dev., vol. 4, no. 2, pp. 135–148, 2020, doi: 10.25299/itjrd.2020.vol4(2).4615.

[15] A. Setya and A. Suganda, “Design of Digital Evidence Collection Framework in Social Media Using SNI 27037: 2014,” JUITA J. Inform., vol. 10, no. 1, p. 127, 2022, doi: 10.30595/juita.v10i1.13149.

[16] H. J. Hadi, N. Musthaq, and I. U. Khan, “SSD Forensic: Evidence Generation and Forensic Research on Solid State Drives Using Trim Analysis,” 2021 Int. Conf. Cyber Warf. Secur. ICCWS 2021 - Proc., pp. 51–56, 2021, doi: 10.1109/ICCWS53234.2021.9702989.

[17] D. Hariyadi, “Komparasi Penanganan Barang Bukti Elektronik dan/atau Barang Bukti Digital sesuai SOP Pusat Laboratorium Forensik Polisi Republik Indonesia,” pp. 1–5, 2019, doi: 10.31219/osf.io/37at6.

[18] A. Singh and S. Kumar, “Working Efficiency of the Sleuth Kit in Forensic Data Recovery: a Review,” Researchgate.Net, no. June, 2020, [Online]. Available: https://www.researchgate.net/profile/Abhinav_Singh24/publication/343040978_Working_Efficiency_Of_The_Sleuth_Kit_In_Forensic_Data_Recovery_A_Review/links/5f1743e645851515ef3c36c5/Working-Efficiency-Of-The-Sleuth-Kit-In-Forensic-Data-Recovery-A-Review.pdf.

[19] W. Y. Sulistyo, I. Riadi, and A. Yudhana, “Penerapan Teknik SURF pada Forensik Citra untuk Analisa Rekayasa Foto Digital,” JUITA J. Inform., vol. 8, no. 2, p. 179, 2020, doi: 10.30595/juita.v8i2.6602.

[20] S. Shafar, “Prinsip Dan Prosedur Dasar Penanganan Bukti Digital Dalam Computer Crime Dan Compute Related Crime Prinsip Dan Prosedur Dasar Penanganan Bukti Digital Dalam Computer Crime Dan Compute Related Crime DISUSUN OLEH : UNIVERSITAS ISLAM INDONESIA ( UII ) YOKYAK,” no. January 2014, 2019.

[21] G. Bell and R. Boddington, “Solid State Drives: The Beginning of the End for Current Practice in Digital Forensic Recovery?,” J. Digit. Forensics, Secur. Law, vol. 5, no. 3, 2010, doi: 10.15394/jdfsl.2010.1078.

[22] A. Dowling, “Digital forensics: A demonstration of the effectiveness of the sleuth kit and autopsy forensic browser,” Http://Hdl.Handle.Net/10523/1338, no. August, 2006. doi: 10.30595/juita.v8i2.6602.


Full Text: PDF

DOI: 10.30595/juita.v12i1.19508

Refbacks

  • There are currently no refbacks.


Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

ISSN: 2579-8901