LOW COST AND ULTRA LOW COST DIGITAL FORENSIC IMAGING DEVICES

The purpose of this study is to explore the evolving technology and systems to find a low cost, efficient and portable solution for hard disk drive forensic imaging.Hard Disk Drive Imaging is one of the most frequently used forensic process which finds its application in both traditional as well as digital crimes and has found massive implementation in detecting cyber-crime incidents leading to cyber warfare. An empirical research was conducted using combination of hardware’s like Intel NUC, Raspberry Pi 3 Model B, Custom Forensic Workstation (CFW), write blockers etc. and software’s like ENCASE and FTK imager to do forensic imaging using multiple hard drives. A comparative analysis of the imaging process using same identical media over various platforms was done.The research shows that Raspberry Pi 3 Model B is a cost effective solution when a small device is to be imaged. Intel NUC with its i3 processor performs better than custom forensic work station with i7 processor when imaging using FTK Imager. The process of imaging involves many intricacies in order to prove the authenticity of evidence in a court of law. Problem in this regard arose when imaging was done using FTK on Linux and analyzed using ENCASE. The format generated on Linux and that recognized by ENCASE is different. The integrity of evidence is thus put to question. It was observed that not all components of each system are needed consecutively for the task of imaging. Consequently if a system is assembled with necessary components, it can help in further reducing the cost drastically.