Jurnal RESTI (Rekayasa Sistem dan Teknologi Informasi) (Aug 2020)

Implementation of Anti Forensics on Hard Drives Using the DoD 5220.22 M Method and British HMG IS5 E

  • Muh Fadli Hasa,
  • Anton Yudhana,
  • Abdul Fadlil

DOI
https://doi.org/10.29207/resti.v4i4.2165
Journal volume & issue
Vol. 4, no. 4
pp. 736 – 744

Abstract

Read online

The process of securing data is related to anti-forensic science, one of the anti-forensic techniques that can be used to safeguard data security, namely by deleting data on storage media. This study examines the implementation of data deletion using the DoD 5220.22 M and British HMG IS5 E methods, then compares these methods. The comparison of the two methods includes performance tests, forensic tests, and data recovery tests. The results of the performance test show that the two methods are strongly influenced by the anti-forensic tools used and do not provide a significant difference when applied using one of the tools. The results of the implementation of data deletion using both methods on the hard disk drive are declared safe to delete data, as evidenced by the extraction results in the forensic test using the Autopsy tool found files on the partition :F with the number of 252 files and on the partition :I with the number of 1 file and the extraction results from the test Forensics using the Recover My File tool managed to find files with the number of 102 files on different partitions, but all the files found in the forensic test process cannot be accessed. The results of the recovery test show that the safest method in the process of deleting data is the British HMG IS5 E method using the Active @ Kill Disk tool, as evidenced by all the results of the recovery process using three tools that do not find any files. Meanwhile, the application of the deletion method that is generally carried out by users, namely the shift + delete method, is declared unsafe, as evidenced by the results of the recovery tests conducted showing that the deleted files can be recovered 100% and can be reaccessed using recovery tools.

Keywords