Forensic Tools Comparison on File Carving using Digital Forensics Research Workshop Framework

La Jupriadi Fakhri(1), Imam Riadi(2), Anton Yudhana(3)

(1) Master Program of Informatics, Universitas Ahmad Dahlan, Yogyakarta, Indonesia
(2) Department of Information System, Universitas Ahmad Dahlan, Yogyakarta, Indonesia
(3) Department of Electrical Engineering, Universitas Ahmad Dahlan, Yogyakarta, Indonesia

Abstract

Purpose: Cybercrime is the misuse of technology as a tool or medium for committing crimes such as hacking, stealing, deleting, hiding, and destroying information. Cybercriminals tend to delete, hide, and format all the data collected to eliminate traces of digital evidence. In digital forensics, file carving techniques can overcome data loss from storage media. This study aims to determine the results of the file carving process in uncovering digital evidence and to evaluate the performance of digital forensic software, including Foremost and Scalpel, based on 3 assessment parameters.

Methods: In this investigation, the Digital Forensics Research Workshop (DFRWS) research method is used with the following stages: Identification, Preservation, Collection, Examination, Analysis, and Presentation.

Results: The Foremost and Scalpel forensic tools are compared on three primary parameters: the speed of the recovery process, the number of successfully recovered files, and the identical hash value. Foremost recovered the carved files in 1 minute and 3 seconds, with a success rate of 85% and a hash value similarity rate of 70.59%. Scalpel recovered the carved files in 2 minutes 17 seconds, with a success rate of 65% and a hash value similarity rate of 7.69%.

Novelty: The data reflect the performance of both forensic tools in collecting digital evidence from flash disk storage media.
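
The two correctness parameters in the Results (files recovered and identical hash values) can diverge, as this added example shows; it is not code from the paper. It runs a simplified header/footer carver over a constructed raw image and scores the output. The signatures, file contents, function names and the choice to compute the hash match rate over recovered files are assumptions made for illustration.

```python
import hashlib

# Constructed JPEG-style header/footer signatures (assumption for this example).
HEADER, FOOTER = b"\xff\xd8\xff", b"\xff\xd9"

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def carve(image: bytes, max_len: int = 4096) -> list[bytes]:
    """From each header, cut through the first footer found within max_len bytes."""
    carved, pos = [], 0
    while (start := image.find(HEADER, pos)) >= 0:
        end = image.find(FOOTER, start + len(HEADER), start + max_len)
        if end < 0:
            pos = start + len(HEADER)  # header without a footer: skip it
            continue
        carved.append(image[start:end + len(FOOTER)])
        pos = end + len(FOOTER)
    return carved

def score(originals: list[bytes], carved: list[bytes]) -> tuple[float, float]:
    """Return (recovered files / original files, identical hashes / recovered files)."""
    known = {sha256(o) for o in originals}
    identical = sum(sha256(c) in known for c in carved)
    recovered_rate = len(carved) / len(originals)
    match_rate = identical / len(carved) if carved else 0.0
    return recovered_rate, match_rate

def fake_jpeg(fill: bytes, size: int) -> bytes:
    return HEADER + fill * size + FOOTER

# Constructed evidence image: A is contiguous, B is split by a foreign
# cluster (fragmentation), C has lost its header (partially overwritten).
ORIG_A, ORIG_B, ORIG_C = fake_jpeg(b"A", 300), fake_jpeg(b"B", 600), fake_jpeg(b"C", 200)
PAD = b"\x00" * 512
IMAGE = (PAD + ORIG_A + PAD + ORIG_B[:300] + b"\x11" * 512 + ORIG_B[300:]
         + PAD + ORIG_C[len(HEADER):] + PAD)

if __name__ == "__main__":
    files = carve(IMAGE)
    recovered, matched = score([ORIG_A, ORIG_B, ORIG_C], files)
    print(f"recovered {len(files)} files, rate {recovered:.2%}, hash match {matched:.2%}")
```

File B counts as recovered, but the foreign cluster carved along with it changes its hash, so only a hash comparison against the originals shows that the recovered copy is not bit-identical.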

Keywords

File carving; Foremost; Scalpel; Flash disk; DFRWS

Scientific Journal of Informatics (SJI)
p-ISSN 2407-7658 | e-ISSN 2460-0040
Published By Department of Computer Science Universitas Negeri Semarang
Website: https://journal.unnes.ac.id/nju/index.php/sji
This work is licensed under a Creative Commons Attribution 4.0 International License.