The development and widespread use of computer systems has increased the need for secure storage of data. At the same time, the analysis of digital data storage devices is very important for forensic IT professionals who aim to access information to clarify the crime. File systems of disk drives use partition structures to securely store data and prevent problems such as corruption. In this study, deletion or corruption of partitions on commonly used DOS / Master Boot Record (MBR) configured hard disk drives are investigated by using forensic tools. In order to analyze hard disk drives, Forensic Tool Kit (FTK), Magnet AXIOM, Encase, Autopsy and The Sleuth Kit (TSK), which are widely used as commercial and open source, are analyzed by using a presented scenario. In the scenario, the primary partition and the extended partition are created using the DOS / MBR partitioning structure on the test disk. Test files are added to the sections and the sections are deleted. The digital forensics tools were tested on the presented scenario. According to the obtained results, TSK and Encase are successful tools for DOS / MBR structured HDD analysis. However, FTK, Magnet AXIOM and Autopsy could not achieve information detection on DOS/MBR structured disks. These results clearly demonstrated that crime data can be hidden in MBR structured HDD. To carve these data, the correct methodology should be selected.
digital forensics dos/mbr partition extended partition lost partition recovery partition anti-forensic
Birincil Dil | İngilizce |
---|---|
Konular | Ampirik Yazılım Mühendisliği |
Bölüm | Makaleler |
Yazarlar | |
Yayımlanma Tarihi | 31 Aralık 2021 |
Gönderilme Tarihi | 13 Kasım 2021 |
Kabul Tarihi | 7 Aralık 2021 |
Yayımlandığı Sayı | Yıl 2021Cilt: 4 Sayı: 3 |
The papers in this journal are licensed under a Creative Commons Attribution-NonCommercial 4.0 International License