Main Menu

    Analysis of Forensic Disk Imaging Tools for Data Acquisition and Preservation

    Citation

    Lim, Michelle Chee Ern and Chen, Brandon Hong Chow and Lim, Le Ying and Shanbagamaran, Tarini and Lim, Darren Yong Jun and Hlaing, Ngu War and Rafsanjani, Ahmad Sahban (2025) Analysis of Forensic Disk Imaging Tools for Data Acquisition and Preservation. Journal of Informatics and Web Engineering, 4 (2). pp. 158-181. ISSN 2821-370X

    [img] Text
    View of Analysis of Forensic Disk Imaging Tools for Data Acquisition and Preservation.pdf - Published Version
    Restricted to Repository staff only
    Download (9MB)

    Abstract

    The identification, preservation, analysis, and presentation of electronic evidence to support legal or organizational inquiries constitute the discipline of digital forensics, which is crucial to contemporary investigations. A crucial component of forensic inquiry, disk imaging guarantees precision, dependability, and legal defensibility. Topreserve the original evidence, disk imaging makes an identical, bit-by-bit duplicate of a digital storage device, capturing hidden data, deleted material, and active files. Given the critical role of disk imaging in forensic investigations, selecting the right tool is crucial for accuracy, efficiency, and compliance with forensic standards. This study assesses widely used tools, including AccessData FTK Imager, Guymager, X-Ways Forensics, OSForensics, and FTK Imager, to help researchers and industry professionals choose the most suitable option for their investigative needs. This research examines the usability, imaging speed, supported hashing techniques, supported output formats, and other aspects of each tool to assess their suitability for usage in various forensic scenarios.The shows that X-Ways Forensic is among the greatest imaging tools because of its wide range of supported operations, fast imaging speed, and format compatibility. The result of hash verification, perfectly matched with source data, again establishes the capability of AccessData FTK Imager, FTK Imager, Guymager, X-Ways Forensics, and OS Forensics to ensure forensic soundness. Its capability to generate a detailed report with comprehensive drive geometry and file segmentation establishes its applicability in forensic workflows. Besides, the time consumed for processing shows its applicability in time-critical investigations too.

    Item Type: Article
    Uncontrolled Keywords: Digital Forensics
    Subjects: Q Science > QA Mathematics > QA71-90 Instruments and machines
    Depositing User: Ms Rosnani Abd Wahab
    Date Deposited: 25 Jun 2025 08:17
    Last Modified: 25 Jun 2025 08:17
    URII: http://shdl.mmu.edu.my/id/eprint/14015

    Downloads

    Downloads per month over past year

    View ItemEdit (login required)

    MMU Institutional Repository is powered by EPrints | Siti Hasmah Digital Library | Multimedia University