Analysis of Forensic Disk Imaging Tools for Data Acquisition and Preservation
Article Sidebar
Main Article Content
Abstract
The identification, preservation, analysis, and presentation of electronic evidence to support legal or organizational inquiries constitute the discipline of digital forensics, which is crucial to contemporary investigations. A crucial component of forensic inquiry, disk imaging guarantees precision, dependability, and legal defensibility. To preserve the original evidence, disk imaging makes an identical, bit-by-bit duplicate of a digital storage device, capturing hidden data, deleted material, and active files. Given the critical role of disk imaging in forensic investigations, selecting the right tool is crucial for accuracy, efficiency, and compliance with forensic standards. This study assesses widely used tools, including AccessData FTK Imager, Guymager, X-Ways Forensics, OSForensics, and FTK Imager, to help researchers and industry professionals choose the most suitable option for their investigative needs. This research examines the usability, imaging speed, supported hashing techniques, supported output formats, and other aspects of each tool to assess their suitability for usage in various forensic scenarios. The shows that X-Ways Forensic is among the greatest imaging tools because of its wide range of supported operations, fast imaging speed, and format compatibility. The result of hash verification, perfectly matched with source data, again establishes the capability of AccessData FTK Imager, FTK Imager, Guymager, X-Ways Forensics, and OS Forensics to ensure forensic soundness. Its capability to generate a detailed report with comprehensive drive geometry and file segmentation establishes its applicability in forensic workflows. Besides, the time consumed for processing shows its applicability in time-critical investigations too.
Article Details
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
All articles published in JIWE are licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) License. Readers are allowed to
- Share — copy and redistribute the material in any medium or format under the following conditions:
- Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use;
- NonCommercial — You may not use the material for commercial purposes;
- NoDerivatives — If you remix, transform, or build upon the material, you may not distribute the modified material.
References
A. Alazab, A. Khraisat, and S. Singh, “A review on the Internet of Things (IoT) forensics: challenges, techniques, and evaluation of digital forensic tools,” IntechOpen eBooks, Feb. 2023. doi: 10.5772/intechopen.109840.
S. Al-Juboori and S. Jimoh, "Cyber-Securing Medical Devices Using Machine Learning: A Case Study of Pacemaker," Journal of Informatics and Web Engineering, vol. 3, no. 3, p. 271, 2024. doi: 10.33093/jiwe.2024.3.3.17
N. A. Almubairik and F. A. Khan, "Systematic Literature Review on Wearable Digital Forensics: Acquisition Methods, Analysis Techniques, Tools, and Future Directions," IEEE Internet of Things Journal, 2024. doi: https://doi.org/10.1109/JIOT.2024.3485027.
J.-J. Chin, “Editorial: Artificial Intelligence and Cybersecurity in Pervasive Computing,” Journal of Informatics and Web Engineering, vol. 3, no. 3, pp. 208–213, Oct. 2024. doi: 10.33093/jiwe.2024.3.3.13.
A. S. Rafsanjani, N. B. Kamaruddin, M. Behjati, S. Aslam, A. Sarfaraz, and A. Amphawan, "Enhancing malicious URL detection: A novel framework leveraging priority coefficient and feature evaluation," IEEE Access, 2024. doi: 10.1109/ACCESS.2024.3412331
A. S. Rafsanjani, N. B. Kamaruddin, H. M. Rusli, and M. Dabbagh, "Qsecr: Secure qr code scanner according to a novel malicious url detection framework," IEEE Access, vol. 11, pp. 92523-92539, 2023. doi: 10.1109/ACCESS.2023.3291811.
K. M. Salih and N. Dabagh, "Digital forensic tools: A literature review," Journal of Education and Science, vol. 32, no. 1, pp. 109.0-124.0, 2023. doi: 10.33899/edusj.2023.137420.1304.
M. Khanafseh, M. Qatawneh, and W. Almobaideen, "A survey of various frameworks and solutions in all branches of digital forensics with a focus on cloud forensics," International Journal of Advanced Computer Science and Applications, vol. 10, no. 8, 2019. doi: 10.14569/ijacsa.2019.0100880.
A. R. Javed, W. Ahmed, M. Alazab, Z. Jalil, K. Kifayat, and T. R. Gadekallu, "A comprehensive survey on computer forensics: State-of-the-art, tools, techniques, challenges, and future directions," IEEE Access, vol. 10, pp. 11065-11089, 2022. doi:10.1109/ACCESS.2022.3142508.
R. G. Arias, J. B. Higuera, J. J. R. Granados, J. R. B. Higuera, and J. A. S. Montalvo, “Systematic Review: Anti-Forensic Computer Techniques,” Applied Sciences, vol. 14, no. 12, p. 5302, Jun. 2024. doi: 10.3390/app14125302.
S. Sachdeva, B. Raina, and A. Sharma, "Analysis of digital forensic tools," Journal of Computational and Theoretical Nanoscience, vol. 17, no. 6, pp. 2459-2467, 2020. doi: 10.1166/jctn.2020.8916.
C.-H. Yang and P.-H. Yen, "Fast deployment of computer forensics with USBs," in 2010 International Conference on Broadband, Wireless Computing, Communication and Applications, 2010: IEEE, pp. 413-416. doi: 10.1109/BWCCA.2010.106.
K. Parveen and G. Haider, "Digital Investigations: Navigating Challenges in Tool Selection for Operating System Forensics," International Journal for Electronic Crime Investigation, vol. 8, no. 1, pp. 79-92, 2024. doi: 10.54692/ijeci.2024.0801189.
J.-U. Lee and W.-Y. Soh, "Comparative analysis on integrated digital forensic tools for digital forensic investigation," in IOP conference series: materials science and engineering, 2020, vol. 834, no. 1: IOP Publishing, p. 012034. doi: 10.1088/1757-899X/834/1/012034.
A. Abirami and S. Palanikumar, "Proactive network packet classification using artificial intelligence," in Artificial Intelligence for Cyber Security: Methods, Issues and Possible Horizons or Opportunities: Springer, 2021, pp. 169-187.
F. Amato, G. Cozzolino, V. Moscato, and F. Moscato, "Analyse digital forensic evidences through a semantic-based methodology and NLP techniques," Future Generation Computer Systems, vol. 98, pp. 297-307, 2019. doi: 10.1016/j.future.2019.02.040.
T. Wu, F. Breitinger, and S. O'Shaughnessy, "Digital forensic tools: Recent advances and enhancing the status quo," Forensic Science International: Digital Investigation, vol. 34, p. 300999, 2020. doi: 10.1016/j.fsidi.2020.300999
J. Cosic, C. Schlehuber, and D. Morog, "Digital forensic investigation process in railway environment," in 2021 11th IFIP International Conference on New Technologies, Mobility and Security (NTMS), 2021: IEEE, pp. 1-6. doi: 10.1109/NTMS49979.2021.9432658.
E. E.-D. Hemdan and D. Manjaiah, "An efficient digital forensic model for cybercrimes investigation in cloud computing," Multimedia Tools and Applications, vol. 80, pp. 14255-14282, 2021. doi: 10.1007/s11042-020-10358-x.
S. Costantini, G. De Gasperis, and R. Olivieri, "Digital forensics and investigations meet artificial intelligence," Annals of Mathematics and Artificial Intelligence, vol. 86, no. 1, pp. 193-229, 2019. doi: 10.1007/s10472-019-09632-y.
A. Krivchenkov, B. Misnevs, and D. Pavlyuk, "Intelligent methods in digital forensics: state of the art," in Reliability and Statistics in Transportation and Communication: Selected Papers from the 18th International Conference on Reliability and Statistics in Transportation and Communication, RelStat’18, 17-20 October 2018, Riga, Latvia 18, 2019: Springer, pp. 274-284. doi: 10.1007/978-3-030-12450-2_26.
R. M. A. Mohammad and M. Alqahtani, "A comparison of machine learning techniques for file system forensics analysis," Journal of Information Security and Applications, vol. 46, pp. 53-61, 2019. doi: 10.1016/j.jisa.2019.02.009.
O. M. Alhawi, J. Baldwin, and A. Dehghantanha, "Leveraging machine learning techniques for windows ransomware network traffic detection," Cyber threat intelligence, pp. 93-106, 2018. doi: 10.1007/978-3-319-73951-9_5.
S. Srinivasan, V. Ravi, M. Alazab, S. Ketha, A. M. Al-Zoubi, and S. Kotti Padannayil, "Spam emails detection based on distributed word embedding with deep learning," Machine intelligence and big data analytics for cybersecurity applications, pp. 161-189, 2021. doi: 10.1007/978-3-030-57024-8_7.
S. Sachdeva and A. Ali, "Machine learning with digital forensics for attack classification in cloud network environment," International Journal of System Assurance Engineering and Management, vol. 13, no. Suppl 1, pp. 156-165, 2022. doi: 10.1007/s13198-021-01323-4.
I. H. Sarker, "Machine learning for intelligent data analysis and automation in cybersecurity: current and future prospects," Annals of Data Science, vol. 10, no. 6, pp. 1473-1498, 2023. doi: 10.1007/s40745-022-00444-2.
A. Singh, A. R. Ikuesan, and H. S. Venter, “Digital Forensic Readiness Framework for Ransomware investigation,” in Springer eBooks, 2018, pp. 91–105. doi: 10.1007/978-3-030-05487-8_5.
D. Sun, X. Zhang, K.-K. R. Choo, L. Hu, and F. Wang, “NLP-based digital forensic investigation platform for online communications,” Computers & Security, vol. 104, p. 102210, Jan. 2021. doi: 10.1016/j.cose.2021.102210.
G. Al-Asad, M. Al-Husainy, M. Bani-Hani, A. Al-Zu’bi, S. Albatienh, and H. Abuoliem, “Comparative assessment of hash functions in securing encrypted images,” Engineering Technology & Applied Science Research, vol. 14, no. 6, pp. 18750–18755, Dec. 2024. doi: 10.48084/etasr.8961.
A. Alshammari, “Detection and Investigation Model for the Hard Disk Drive Attacks using FTK Imager,” International Journal of Advanced Computer Science and Applications, vol. 14, no. 7, Jan. 2023. doi: 10.14569/ijacsa.2023.0140784.
L. Lau, “Book Review: The X-Ways Forensics Practitioner’s Guide,” The Journal of Digital Forensics, Security and Law, Jan. 2014. doi: 10.15394/jdfsl.2014.1188.
H. Kang et al., “Android-Based Audio Video Navigation System Forensics: A case study,” Applied Sciences, vol. 13, no. 10, p. 6176, May 2023. doi: 10.3390/app13106176.
N. A. H. Haldar, "Advances in digital forensics frameworks and tools," Cyber Warfare and Terrorism: Concepts, Methodologies, Tools, and Applications: Concepts, Methodologies, Tools, and Applications, vol. 165, 2020. doi: 10.4018/978-1-7998-2466-4.ch010
S. Fleischmann, "X-Ways Forensics/WinHex Manual.," ed: X-Ways Forensics Computer Forensics Integrated Software, 2012.
S. A. Gyimah, "X-Ways Forensics Platform For Digital Forensics Examiners," Book Chapter Series on Research Nexus in IT, Law, Cyber Security & Forensics, pp. 353-356, 2022.