Comparison of Acquisition Software for Digital Forensics Purposes

  • Faiz M
  • Prabowo W
N/ACitations
Citations of this article
61Readers
Mendeley users who have this article in their library.

Abstract

Digital Forensics, a term that is increasingly popular with internet needs and increasing cybercrime activity. Cybercrime is a criminal activity with digital media as a tool for committing crimes. The process for uncovering cybercrime is called digital forensics. The initial stage in digital forensics is an acquisition. The acquisition phase is very important because it will affect the level of difficulty and ease in investigating cybercrime. Software acquisition will affect the abandoned artefacts and even overwrite important evidence by the software, therefore investigators must use the best software for the acquisition stage. This study shows the difference in software for the acquisition of the best Random Access Memory (RAM) such as processing time, memory usage, registry key, DLL. This research presents five acquisition software such as FTK Imager, Belkasoft RAM Capturer, Memoryze, DumpIt, Magnet RAM Capturer. Results of this study showed that FTK Imager left about 10 times more artefacts than DumpIt and Memoryze. Magnet RAM Capture the most artefacts, 4 times more than Belkasot RAM Capturer. Software acquisition with many artefacts, namely Capture RAM Magnet and FTK Imager, while for the fastest time is DumpIt and Capture RAM Magnet for software that takes a long time.

Cite

CITATION STYLE

APA

Faiz, M. N., & Prabowo, W. A. (2018). Comparison of Acquisition Software for Digital Forensics Purposes. Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control, 37–44. https://doi.org/10.22219/kinetik.v4i1.687

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free