A RAM triage methodology for Hadoop HDFS forensics. (September 2016)
- Record Type:
- Journal Article
- Title:
- A RAM triage methodology for Hadoop HDFS forensics. (September 2016)
- Main Title:
- A RAM triage methodology for Hadoop HDFS forensics
- Authors:
- Leimich, Petra
  Harrison, Josh
  Buchanan, William J.
- Abstract:
- This paper discusses the challenges of performing a forensic investigation against a multi-node Hadoop cluster and proposes a methodology for examiners to use in such situations. The procedure's aim of minimising disruption to the data centre during the acquisition process is achieved through the use of RAM forensics. This affords initial cluster reconnaissance which in turn facilitates targeted data acquisition on the identified DataNodes. To evaluate the methodology's feasibility, a small Hadoop Distributed File System (HDFS) was configured and forensic artefacts simulated upon it by deleting data originally stored in the cluster. RAM acquisition and analysis were then performed on the NameNode in order to test the validity of the suggested methodology. The results are cautiously positive in establishing that RAM analysis of the NameNode can be used to pinpoint the data blocks affected by the attack, allowing a targeted approach to the acquisition of data from the DataNodes, provided that the physical locations can be determined. A full forensic analysis of the DataNodes was beyond the scope of this project.
- Is Part Of:
- Digital investigation. Volume 18(2016)
- Journal:
- Digital investigation
- Issue:
- Volume 18(2016)
- Issue Display:
- Volume 18, Issue 2016 (2016)
- Year:
- 2016
- Volume:
- 18
- Issue:
- 2016
- Issue Sort Value:
- 2016-0018-2016-0000
- Page Start:
- 96
- Page End:
- 109
- Publication Date:
- 2016-09
- Subjects:
- Digital forensics -- Distributed filesystem forensics -- Cloud storage forensics -- Hadoop forensics -- Triage -- RAM forensics -- Big data
  Forensic sciences -- Data processing -- Periodicals
  Criminal investigation -- Data processing -- Periodicals
  363.250285
- Journal URLs:
- http://www.sciencedirect.com/science/journal/17422876
  http://www.elsevier.com/journals
- DOI:
- 10.1016/j.diin.2016.07.003
- Languages:
- English
- ISSNs:
- 1742-2876
- Deposit Type:
- Legaldeposit
- Physical Locations:
- British Library DSC - 3588.396620
  British Library DSC - BLDSS-3PM
  British Library STI - ELD Digital store
- Ingest File:
- 7390.xml