Journal: Jurnal RESTI: Rekayasa Sistem dan Teknologi Informasi

Investigasi Bukti Digital Optical Drive Menggunakan Metode National Institute of Standard and Technology (NIST)

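Machine translation: Digital Evidence Investigation of an Optical Drive Using the National Institute of Standards and Technology (NIST) Method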


Abstract

DVD-R is a type of optical drive that can store data in one burning process. However, there is a feature that allows erasing data on a read-only type, namely multisession. The research was conducted to implement the acquisition of data that had been deleted from a DVD-R, using the forensic tools Autopsy and FTK Imager. The National Institute of Standards and Technology (NIST) method is commonly used in digital forensics in the scope of storage, with the stages collection, examination, analysis, and reporting. The acquisition results from Autopsy and FTK Imager show the same results as the original file before being deleted, validated by matching the hash value. Based on the results obtained from the analysis and presentation stages, the following can be concluded for the ten files resulting from data acquisition using the FTK Imager and Autopsy tools on the DVD-R: FTK Imager detects two file systems, namely ISO9660 and Joliet, while the Autopsy tool shows only one file system, namely UDF. FTK Imager successfully acquired ten files with matching hash values, and Autopsy detected seven files and did not find three files, with the extensions *.MOV, *.exe, and *.rar. Based on the comparative analysis of the performance test, FTK Imager got a value of 100% because it managed to find all deleted files, and Autopsy got a value of 70% because 3 files, with the extensions *.exe, *.rar and *.MOV, were not detected and their hash values were empty. This is because the Autopsy tool cannot detect the three file extensions.
