Article Sidebar

Submitted
March 15, 2025
Accepted
May 25, 2025
Published
May 30, 2025
Download
pdf (Bahasa Indonesia)
Statistic
Read Counter : 441 Download : 275

Main Article Content

Abstract

The recovery of deleted data is an important aspect of forensic digital investigations, especially in identifying relevant evidence. However, deletion techniques such as the Sdelete command implement the Department of Defense (DoD) 5220.22-M standard which can permanently delete so that the process of recovering digital evidence from storage media will be difficult, while deletion using Shift+Delete only removes file references without overwriting the data, thus allowing data recovery with file carving techniques. This study uses a static forensic method, where the data in the flash drive has been deleted and acquired using FTK Imager so as to produce an imaging file to maintain the integrity of the evidence. After that, the imaging file is processed using file carving tools. This study aims to compare the results of deleted recovery using the Sdelete command and the Shift + Delete key combination and assess based on the highest percentage of the results of three file carving tools, namely Autopsy, Axiom Magnet, and Photore. The results of the study show that files deleted using Sdelete cannot be recovered by the three tools, both in terms of artifact findings and the suitability of hash values, according to Microsoft's claims. In contrast, files that have been deleted using the Shift + Delete key combination can still be recovered with varying success. PhotoRec has the highest recovery rate (90%), followed by Autopsy (88%) and Axiom Magnet (60%). In terms of hash value suitability, PhotoRec reaches 80%, while Autopsy 76% and Axiom Magnet 50%. These findings confirm that Sdelete is effective in permanently deleting data, while the Shift + Delete combination still allows for recovery with varying success rates. The author hopes that this research can be a new knowledge for digital forensic investigators in terms of selecting the most suitable file carving tools for digital evidence recovery.

Keywords

Digital Forensik File carving Recovery Data Sdelete Static Forensic

Article Details

License

Copyright (c) 2025 Rosi Rahmadi Syahputra, Yudi Prayudi

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Authors who publish with this journal agree to the following terms:

  1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
  2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
  3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).

PLAGIARISM CHECK

All manuscripts submitted to AJIE will be checked free of plagiarism elements. Manuscripts that do not meet the requirements will be returned to the author for further correction or will be rejected immediately.

The plagiarism check used by AJIE is Turnitin.

 

How to Cite
Rosi Rahmadi, & Prayudi, Y. . (2025). Perbandingan Hasil Recovery File terhadap Penghapusan File menggunakan Perintah Sdelete dan Shift+Delete: indonesia. AJIE (Asian Journal of Innovation and Entrepreneurship), 9(02), 117–131. https://doi.org/10.20885/ajie.vol9.iss2.art5
Download Citation
Endnote/Zotero/Mendeley (RIS)
BibTeX

References

  1. Abdillah, M. F., & Prayudi, Y. (2022). Data Recovery Comparative Analysis using Open-based Forensic Tools Source on Linux. International Journal of Advanced Computer Science and Applications, 13(9), 633–639. https://doi.org/10.14569/IJACSA.2022.0130975
  2. Agustiono, W., Suci, D. W., & Prastiti, N. (2024). Analisis Forensik Digital Menggunakan Metode NIST untuk Memulihkan Barang Bukti yang Dihapus. Jurnal Teknologi dan Informasi, 14(2), 174–185. https://doi.org/10.34010/jati.v14i2.12952
  3. cgsecurity. (2024). PhotoRec. https://www.cgsecurity.org/
  4. Dasmen, R. N., Triwulanda, A., Rasmila, R., Kurniawan, D., & Julia, J. (2024). Implementation of Digital Forensics PhotoRec in Recovering Lost Files on External Storage. PIKSEL : Penelitian Ilmu Komputer Sistem Embedded and Logic, 12(1), 173–178. https://doi.org/10.33558/piksel.v12i1.9444
  5. Fakhri, L. J., Riadi, I., & Yudhana, A. (2023). Forensic Tools Comparison on File Carving using Digital Forensics Research Workshop Framework. Scientific Journal of Informatics, 10. http://journal.unnes.ac.id/nju/index.php/sji
  6. Julian, D., Wijaya, A., & Sutabri, T. (2023). Perbandingan Kinerja Aplikasi Pengembalian Data Untuk Digital Forensik Dengan Metode National Institute of Standards and Technology. Digital Transformation Technology (Digitech), 3. https://doi.org/10.47709/digitech.v3i1.2727
  7. Jupriadi Fakhri, L., Riadi, I., & Yudhana, A. (2023). Forensic Tools Comparison on File Carving using Digital Forensics Research Workshop Framework. Scientific Journal of Informatics, 10(4). https://doi.org/10.15294/sji.v10i4.46901
  8. Matondang, J., Maulana, I., & Carudin. (2023). Analisis Perbandingan Perangkat Lunak Forensik Digital File Carving Menggunakan NIST. Innovative: Journal Of Social Science Research, 3. https://j-innovative.org/index.php/Innovative
  9. Microsoft. (2022). SDelete v2.05. https://learn.microsoft.com/en-us/sysinternals/downloads/sdelete
  10. Muhardinata, M., Luthfi, A., & Ramadhani, E. (2023). Teknik Disk Carving untuk Recovery Solid State Drive Volume ReFS dan NTFS dengan Fitur TRIM. JIIP - Jurnal Ilmiah Ilmu Pendidikan, 6(11), 9507–9515. https://doi.org/10.54371/jiip.v6i11.3133
  11. Nayak, S. C. (2024). Data Recovery Beyond the Obvious Using Digital Forensic Techniques. Montclair State Unversity.
  12. Porter, K., Nordvik, R., Toolan, F., & Axelsson, S. (2021). Timestamp prefix carving for filesystem metadata extraction. Forensic Science International: Digital Investigation, 38, 301266. https://doi.org/10.1016/j.fsidi.2021.301266
  13. Pratama, A. K., Carudin, C., & Yusup, D. (2021). Analisis Perbandingan Perangkat Lunak Forensik Digital untuk File Carving dalam Mengungkap Barang Bukti Digital. JUSTINDO (Jurnal Sistem dan Teknologi Informasi Indonesia), 6(2), 109–120. https://doi.org/10.32528/justindo.v6i2.5101
  14. Rafiq, I. A., Riadi, I., & Herman. (2022). Perbandingan Forensic Tools pada Instagram Menggunakan Metode NIST. JISKA (Jurnal Informatika Sunan Kalijaga), 7(2), 134–142. https://doi.org/10.14421/jiska.2022.7.2.134-142
  15. Sari, S. A., & Mohamad, K. M. (2020). A Review of Graph Theoretic and Weightage Techniques in File Carving. Journal of Physics: Conference Series, 1529(5), 052011. https://doi.org/10.1088/1742-6596/1529/5/052011
  16. Setiawan, I., Rusydi, I., Rahmawati, A., & Hasanah, S. (2022). Jejak Digital Sebagai Alat Bukti Penunjuk Menurut Pasal 184 Kitab Undang Undang Hukum Acara Pidana. Jurnal Ilmiah Galuh Justisi, 10(1), 119. https://doi.org/10.25157/justisi.v10i1.7236
  17. Siamukulule, M. (2024). A Deep Dive into Magnet AXIOM’s Workflow: Exploring the Roles of AXIOM Process and AXIOM Examine in Digital Evidence Acquisition and Analysis. International Journal for Multidisciplinary Research (IJFMR), 6(6).
  18. Yuladi, A. I., & Indrayani, R. (2023). Analisis dan Perbandingan Tools Forensik menggunakan Metode NIST Dalam Penanganan Kasus Kejahatan Siber. Jurnal Teknologi Terpadu, 9(2), 95–100. https://doi.org/10.54914/jtt.v9i2.636
  19. Yuwono, D. T., & W, Y. (2020). Analisis Perbandingan File Carving Dengan Metode Nist. Jurnal Sains Komputer dan Teknologi Informasi, 2(2), 1–6. https://doi.org/10.33084/jsakti.v2i2.1472