The Repository @ St. Cloud State

Open Access Knowledge and Scholarship

Date of Award


Culminating Project Type

Starred Paper

Degree Name

Information Assurance: M.S.


Information Assurance and Information Systems


Herberger School of Business

First Advisor

Mark Schmidt

Second Advisor

Paul Safonov

Third Advisor

Balasubramanian Kasi

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.


With the increase in technology comes great innovations. One such transformation is changing from Hard Disks to Solid State Drives. Solid State Drives generally known as SSD’s is a non-volatile memory which became a key storage system nowadays. SSD's are nothing but a storage device like Hard Disks but many times faster with a very much lower power consumption. They are smaller in size and more efficient, the mechanism by which SSDs store and modify data is intrinsically different from hard disk drives. Each innovation has its advantages as well as drawbacks. When it comes to digital forensics working on SSD’s is relatively new. It has been a challenge for the cyber-crime investigators ever since the evolution of SSD's, it was easy in hard disks to retrieve deleted data but when it comes to SSD's, they can automatically retrieve or alter data whenever they are connected to power even without an interface which results in major evidence loss or contamination. There are different types of SSD's which do not function similarly is also a challenge to a cybercrime investigator. The main purpose of this paper is to describe the evolution of SSD's and creating image files of a single SSD and Hard Disk using different forensic tools and comparing results. We create an evidence file and pass it to SSD and HDD with multiple permutations and combinations, then we format the disks and create an image file of both the disks to analyze using a forensic tool. We will also analyze how many evidence files are being deleted completely from both the devices by comparing them with the original number files we passed and the original hits we obtained while performing the analysis on single evidence folder.