Comparison of Acquisition Software for Digital Forensics Purposes

Faiz, Muhammad Nur and wahyu, Adi Prabowo Comparison of Acquisition Software for Digital Forensics Purposes. LPPI Universitas Muhammadiyah Malang.

Preview

Text WAP Paper KINETIK Comparison of Acquisition Software.pdf - Accepted Version Download (409kB) | Preview

Abstract

Digital Forensics, a term that is increasingly popular with internet needs and increasing cybercrime activity. Cybercrime is a criminal activity with digital media as a tool for committing crimes. The process for uncovering cybercrime is called digital forensics. The initial stage in digital forensics is an acquisition. The acquisition phase is very important because it will affect the level of difficulty and ease in investigating cybercrime. Software acquisition will affect the abandoned artefacts and even overwrite important evidence by the software, therefore investigators must use the best software for the acquisition stage. This study shows the difference in software for the acquisition of the best Random-Access Memory (RAM) such as processing time, memory usage, registry key, DLL. This research presents five acquisition software such as FTK Imager, Belkasoft RAM Capturer, Memoryze, DumpIt, Magnet RAM Capturer. Results of this study showed that FTK Imager left about 10 times more artefacts than DumpIt and Memoryze. Magnet RAM Capture the most artefacts, 4 times more than Belkasot RAM Capturer. Software acquisition with many artefacts, namely Capture RAM Magnet and FTK Imager, while for the fastest time is DumpIt and Capture RAM Magnet for software that takes a long time.

Actions (login required)

View Item