The traditional digital forensics tools, such as The Sleuth Kit(TSK), Autopsy and EnCase, are executed as normal processes in the user space, and they rely on the Operating System(OS) to access the disk and manage the memory. A compromised system could silently alter file content, forge metadata, or delete evidence during analysis, thereby compromising the integrity of the entire chain of custody. This thesis examines the integration of Intel Software Guard Extensions (SGX) with forensics analysis of disk images to address these limitations. The result is a framework that executes the SHA-256 hash calculation, maintains a tamper-evident record of the evidence through a cryptographic hash chain, and performs an ECDSA signature entirely within an SGX enclave.