Abstract
AbstractSolid state drive (SSD) is rapidly replacing hard disk drive (HDD) in almost all computing devices. With the exponential growth in SSD technologies, it is quite possible that very soon HDD will become obsolete. It is good news for the end‐users, but may not be so pleasant for the digital forensics examiners. It has been a challenge for the cyber‐crime investigator ever since the evolution of SSD technology. The intrinsic characteristics of SSD are not very supportive for forensic examiners. The TRIM function and background garbage process make it difficult to retrieve deleted artifacts from the SSD. The traditional disk write blocker cannot stop the background process. There is a lot of uncertainty involved in SSD data acquisition. Sometimes it is also difficult to prove the integrity of SSD in the court of law which makes the SSD's legal admissibility questionable. The objective of this article is to examine the uncertainty involved in SSD forensics with experimental analysis. This article discusses in detail the different components of SSD and its working principle followed by experimental forensics analysis, critical observations, guidelines, and recommendations.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
