Innovative Learning in a Digital Forensics Laboratory: Tools and Techniques for Data Recovery
Electronic evidence is an essential component in most legal trials of criminal activities, and digital forensics is therefore a crucial support for law enforcement investigations. For instance, a wide range of electronic devices contain Not AND (NAND) flash memory chips, and when a criminal leaves d...
Saved in:
| Main Author: | |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2024-11-01
|
| Series: | Applied Sciences |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2076-3417/14/23/11095 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1846124470341730304 |
|---|---|
| author | Carlos Cruz |
| author_facet | Carlos Cruz |
| author_sort | Carlos Cruz |
| collection | DOAJ |
| description | Electronic evidence is an essential component in most legal trials of criminal activities, and digital forensics is therefore a crucial support for law enforcement investigations. For instance, a wide range of electronic devices contain Not AND (NAND) flash memory chips, and when a criminal leaves digital evidence on non-operational or locked systems, accessing this memory is crucial. Student acquisition of the necessary competences and skills associated with electronic devices, their basic principles, and the associated technologies can be provided by experimental training, as done with the optional Digital Forensics module included in the degree in Criminalistics: Forensic Sciences and Technologies offered by the University of Alcalá (Spain). This module equips students with the appropriate skills to extract, process, and authenticate evidence information using suitable tools. The purpose of this study was to investigate the effectiveness of experimental learning, deployed through laboratory digital forensic tasks. A literature review was conducted of novel data extraction and analysis tools and procedures as a guide to the design of data recovery tasks incorporating experimental learning. Drawing on student feedback, our results highlight positive learning outcomes for the students. It is concluded that powerful forensic image analysis freeware is capable of identifying elements, and practical tests involving JTAG/chip−off extraction and analysis yield favorable results. A proposal for future studies is to reduce the destructiveness of invasive extraction methods. |
| format | Article |
| id | doaj-art-d9518a2dcb0848f28314961fb21f2176 |
| institution | Kabale University |
| issn | 2076-3417 |
| language | English |
| publishDate | 2024-11-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Applied Sciences |
| spelling | doaj-art-d9518a2dcb0848f28314961fb21f21762024-12-13T16:22:48ZengMDPI AGApplied Sciences2076-34172024-11-0114231109510.3390/app142311095Innovative Learning in a Digital Forensics Laboratory: Tools and Techniques for Data RecoveryCarlos Cruz0Department of Electronics, University of Alcalá, 28871 Madrid, SpainElectronic evidence is an essential component in most legal trials of criminal activities, and digital forensics is therefore a crucial support for law enforcement investigations. For instance, a wide range of electronic devices contain Not AND (NAND) flash memory chips, and when a criminal leaves digital evidence on non-operational or locked systems, accessing this memory is crucial. Student acquisition of the necessary competences and skills associated with electronic devices, their basic principles, and the associated technologies can be provided by experimental training, as done with the optional Digital Forensics module included in the degree in Criminalistics: Forensic Sciences and Technologies offered by the University of Alcalá (Spain). This module equips students with the appropriate skills to extract, process, and authenticate evidence information using suitable tools. The purpose of this study was to investigate the effectiveness of experimental learning, deployed through laboratory digital forensic tasks. A literature review was conducted of novel data extraction and analysis tools and procedures as a guide to the design of data recovery tasks incorporating experimental learning. Drawing on student feedback, our results highlight positive learning outcomes for the students. It is concluded that powerful forensic image analysis freeware is capable of identifying elements, and practical tests involving JTAG/chip−off extraction and analysis yield favorable results. A proposal for future studies is to reduce the destructiveness of invasive extraction methods.https://www.mdpi.com/2076-3417/14/23/11095NAND memoriesdata extraction and analysiselectronic evidenceforensic electronicsevidence acquisitionexperimental learning |
| spellingShingle | Carlos Cruz Innovative Learning in a Digital Forensics Laboratory: Tools and Techniques for Data Recovery Applied Sciences NAND memories data extraction and analysis electronic evidence forensic electronics evidence acquisition experimental learning |
| title | Innovative Learning in a Digital Forensics Laboratory: Tools and Techniques for Data Recovery |
| title_full | Innovative Learning in a Digital Forensics Laboratory: Tools and Techniques for Data Recovery |
| title_fullStr | Innovative Learning in a Digital Forensics Laboratory: Tools and Techniques for Data Recovery |
| title_full_unstemmed | Innovative Learning in a Digital Forensics Laboratory: Tools and Techniques for Data Recovery |
| title_short | Innovative Learning in a Digital Forensics Laboratory: Tools and Techniques for Data Recovery |
| title_sort | innovative learning in a digital forensics laboratory tools and techniques for data recovery |
| topic | NAND memories data extraction and analysis electronic evidence forensic electronics evidence acquisition experimental learning |
| url | https://www.mdpi.com/2076-3417/14/23/11095 |
| work_keys_str_mv | AT carloscruz innovativelearninginadigitalforensicslaboratorytoolsandtechniquesfordatarecovery |