Studi Komparasi Metode Disk Overwrite dan Factory Reset sebagai Teknik Anti Forensik di Perangkat Android

  • Beni Ike Hendra Kuswara Universitas Islam Indonesia
  • Ahmad Raf'ie Pratama
  • Erika Ramadhani


 This study aims to compare the effectiveness and efficiency of the disk overwrite method and the default factory reset feature as an anti-forensic technique on Android devices. The data collection process in this study was carried out by an experimental process on Android 10 devices, which had gone through each anti-forensic technique process in turn before attempting to recover deleted data using the Photorec software. From the experimental results, it was found that the recovery process yielded nearly identical results between the use of the disk overwrite method, be it 1-pass, 3-pass, 7-pass, or 35-pass, and the default factory reset method, although in terms of operating times there was a stark difference between the five. In other words, the use of the disk overwrite method as an anti-forensic technique in normal cases does not provide any added value compared to the default Android factory reset feature. The results of this study can be used as a guide and reference by new digital forensics practitioners before processing electronic evidence in the form of Android devices. In addition, the results of this study can serve as empirical evidence of the effectiveness and efficiency of the default factory reset feature on Android devices in maintaining user privacy when the device changes ownership.


[1] Samsung, “Spesifikasi Samsung Galaxy S21 Ultra 5G Terbaru | Samsung ID.” (accessed Jan. 03, 2022).
[2] C. Grenier, “CGSecurity,” Jul. 07, 2019. (accessed Jan. 03, 2022).
[3] Piriform, “Change CCleaner for Windows settings – Piriform Support.” (accessed Jan. 03, 2022).
[4] B. L. Gargean, “How Many Times Must You Overwrite a Hard Disk? - Blancco,” 2019. (accessed Jan. 03, 2022).
[5] M. A. Wani, A. AlZahrani, and W. A. Bhat, “File system anti-forensics – types, techniques and tools,” Computer Fraud and Security, vol. 2020, no. 3, pp. 14–19, Mar. 2020, doi: 10.1016/S1361-3723(20)30030-0.
[6] R. Schwamm and N. Rowe, “Effects of the Factory Reset on Mobile Devices,” Journal of Digital Forensics, Security and Law, 2014, doi: 10.15394/jdfsl.2014.1182.
[7] L. Simon and R. Anderson, “Security Analysis of Android Factory Resets,” 2015. [Online]. Available:
[8] B. Chukwuemeka Ogazi-Onyemaechi, A. Dehghantanha; Kim-Kwang, and R. Choo, “Performance of Android Forensics Data Recovery Tools,” 2017.
[9] Statcounter, “Mobile Operating System Market Share Worldwide | Statcounter Global Stats,” 2021. (accessed Jan. 05, 2022).
[10] N. A. Hassan, Digital Forensics Basics - A Practical Guide Using Windows OS. Apress, 2019. doi: 10.1007/978-1-4842-3838-7.
[11] Afonin Oleg, Nikolaev Danil, and Gubanov Yuri, “Countering Anti-Forensic Efforts-Part 1,” 2015.
[12] S. L. Garfinkel, “Anti-forensics: Techniques, detection and countermeasures,” 2007. [Online]. Available:
[13] P. Feng, Q. Li, P. Zhang, and Z. Chen, “Logical acquisition method based on data migration for Android mobile devices,” Digital Investigation, vol. 26, pp. 55–62, Sep. 2018, doi: 10.1016/j.diin.2018.05.003.
[14] J. Snyder, “What are the security risks of rooting your smartphone?” 2021. (accessed Jan. 05, 2022).
[15] Protectstar, “Securely Erase Data on Android - iShredder Android 6.” (accessed Jan. 05, 2022).
[16] Sipicorp, “Secure data wiping and sanitization - Sipi.” (accessed Jan. 05, 2022).
[17] Eraser, “Appendix A: Erasure Methods – Eraser.” (accessed Jan. 05, 2022).
[18] P. Gutmann, “Secure Deletion of Data from Magnetic and Solid-State Memory,” Sixth USENIX Security Symposium Proceedings, Jul. 25, 1996. (accessed Jan. 05, 2022).
[19] Trend Micro, “Hash values - Definition.” (accessed Jan. 05, 2022).