Abstract
The rapid development of computer technology in hardware, is currently developing non-volatile computer storage media Solid State Drive (SSD). SSD technology has a faster data access speed than Hard Disk and is currently starting to replace Hard Disk storage media. Freezing software on computer systems is often carried out by computer technicians, because it can save a computer maintenance costs due to errors, be exposed to computer viruses or malware. This software is used to prevent unwanted changes to the computer system, when the computer is restarted changes that occur in the computer system will not be stored on storage media. When this happens, what should be done by digital forensic investigators. This study discusses experimental forensic investigations on SSD media storage with frozen conditions or in this study said the frozen SSD. Frozen SSD is the condition of the drive that is locked so that there is no change in the computer system. Software used to lock and prevent changes such as Deep Freeze, Shadow Defender, Windows Steady State, and Toolwiz Time Freeze. Forensic research stages using methods NIST. The result shows that from comparative analysis conducted with Deep Freeze the results of the RecoverMyFile gives 76.38% and Autopsy gives 75,27%, while frozen condition with Shadow Defender the results of the RecoverMyFile gives 59.72% and Autopsy gives 74.44%. So the results of this study indicate the drive freezing software has an effect obtained can be an obstacle in the digital forensic process.
Highlights
Today's human activities are mostly related to data, information, and communication, and in their activities directly or indirectly will relate to computer technology devices
This section explains the results of research on forensic analysis of digital evidence on frozen solid state drives (SSD)
From the experimental results obtained index values based on the ability of the forensic tool in finding and restoring files, with RecoverMyFile obtained an index value of 76,38%, Autopsy has an index value of 75,27%, FTK has an index value of 0%, Encase has an index value of 0%, and OSForensics has an index value of 0% obtained from 360 files tested with freezing conditions with Deep Freeze software
Summary
Today's human activities are mostly related to data, information, and communication, and in their activities directly or indirectly will relate to computer technology devices. Computer crime has electronic evidence and digital evidence in the form of traces of criminal activity and it is necessary to analyze digital evidence obtained by the forensic method [1]. Proof of computer crime can be in the form of electronic evidence and digital evidence [2]. Electronic evidence can be in the form of the physical form of the electronic device or can be in the form of storage media (storage device), while the digital evidence can be in the form of document files, history files, or log files that can be used as information supporting decision makers. Electronic evidence and digital evidence become the most important things in a computer crime case, because computer crime activities are recorded by a computer system on the main computer storage media
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
