Hits : 60
Two-Step Injection Method for Collecting Digital Evidence in Digital Forensics
Nana Rachmana Syambas & Naufal El Farisi
Telematics Laboratory, School of Electrical and Informatics Engineering, Institut Teknologi Bandung, Jl. Ganesha No. 10, Bandung 40132, Indonesia Email: nana@stei.itb.ac.id
Abstract. In digital forensic investigations, the investigators take digital evidence from computers, laptops or other electronic goods. There are many complications when a suspect or related person does not want to cooperate or has removed digital evidence. A lot of research has been done with the goal of retrieving data from flash memory or other digital storage media from which the content has been deleted. Unfortunately, such methods cannot guarantee that all data will be recovered. Most data can only be recovered partially and sometimes not perfectly, so that some or all files cannot be opened. This paper proposes the development of a new method for the retrieval of digital evidence called the Two-Step Injection method (TSI). It focuses on the prevention of the loss of digital evidence through the deletion of data by suspects or other parties. The advantage of this method is that the system works in secret and can be combined with other digital evidence applications that already exist, so that the accuracy and completeness of the resulting digital evidence can be improved. An experiment to test the effectiveness of the method was set up. The developed TSI system worked properly and had a 100% success rate.
Keywords: digital evidence; digital forensics; hidden application; keyloggers; TSI.
Download Article
|