Abstract
The development and widespread use of computer systems has increased the need for secure storage of data. At the same time, the analysis of digital data storage devices is very important for forensic IT professionals who aim to access information to clarify the crime. File systems of disk drives use partition structures to securely store data and prevent problems such as corruption. In this study, deletion or corruption of partitions on commonly used DOS / Master Boot Record (MBR) configured hard disk drives are investigated by using forensic tools. In order to analyze hard disk drives, Forensic Tool Kit (FTK), Magnet AXIOM, Encase, Autopsy and The Sleuth Kit (TSK), which are widely used as commercial and open source, are analyzed by using a presented scenario. In the scenario, the primary partition and the extended partition are created using the DOS / MBR partitioning structure on the test disk. Test files are added to the sections and the sections are deleted. The digital forensics tools were tested on the presented scenario. According to the obtained results, TSK and Encase are successful tools for DOS / MBR structured HDD analysis. However, FTK, Magnet AXIOM and Autopsy could not achieve information detection on DOS/MBR structured disks. These results clearly demonstrated that crime data can be hidden in MBR structured HDD. To carve these data, the correct methodology should be selected.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
More From: Sakarya University Journal of Computer and Information Sciences
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.