File carving Analyze of Foremost and Autopsy on external SSD mSATA using the Association of Chief Police Officer Method

File carving is a method for recovering files using software such as Foremost and Autopsy. The recovery is conducted for deleted files or formatted devices. Popularity Solid State Drive (SSD) has outperformed Hard Disk Drive (HDD) because SSD is faster, more efficient, and shock resistant. However, recovering SSD devices have a lower probability success rate than HDD because the security system often hampers files recovered on SSD. Based on previous research, the success rate of Security Digital High Capacity (SDHC) only achieved 50% more than SSD, whereas SSD can only return 85.7% of its success. Forensics Digital is a part of Forensics Knowledge for deliver valid digital evidence for law investigation. This research aims to increase the success rate of recovery files using two different software: Foremost and Autopsy. The research uses a 512GB Eaget brand SSD with a New Technology File System (NTFS). The file carving is also conducted using the Association of Chief Police Officers (ACPO) method. APCO has several stages: Planning, Capture, Analysis, and Presentation. The experiment results show that Autopsy software with deep recover mode returned 81 out of 88 files (92%), whereas Foremost software run on Debian to make sure no virus on device that could damage computer especially windows system. First attempt recovery can only return 46 out of 88 files (52%). The findings show that the Autopsy software has a higher successful return rate and can be used for evidence in law enforcement and digital forensics investigations.