by Josué Ferreira
From a judicial perspective, the integrity of volatile storage devices has always been a reason for great concern and therefore, it is important for a method to forensically acquire data from Solid State Drives (SSD) to be developed.
The method in this paper presents a way to preserve potential volatile digital evidence, present on SSDs, and produce forensically sound bit-stream copies. Due to the volatile nature of SSDs, Digital Forensic Analysts are often faced with the challenge of preserving the integrity of digital evidence seized from a crime scene.
This paper proposes a method to perform forensic data acquisition from SSDs, while preventing the TRIM function and/or garbage collection from operating without user input, therefore maintaining the integrity of potential digital evidence.
