Title: Real-time digital forensic triaging for cloud data analysis using MapReduce on Hadoop framework

Authors: Digambar Povar; Saibharath; G. Geethakumari

Addresses: Department of Computer Science and Information Systems, BITS Pilani, Hyderabad Campus, Jawaharnagar, Shameerpet, Hyderabad, Telangana, India ' Department of Computer Science and Information Systems, BITS Pilani, Hyderabad Campus, Jawaharnagar, Shameerpet, Hyderabad, Telangana, India ' Department of Computer Science and Information Systems, BITS Pilani, Hyderabad Campus, Jawaharnagar, Shameerpet, Hyderabad, Telangana, India

Abstract: Cloud computing is a relatively new model in the computing world after several computing paradigms like personal, ubiquitous, grid, mobile, and utility computing. Cloud computing is synonymous with virtualisation which is about creating virtual versions of the hardware platform, the operating system or the storage devices. Virtualisation is omnipresent in the cloud environment that poses challenges to implementation of security as well as cybercrime investigation. Techniques used in traditional digital forensics may not be appropriate for timely analysis of large capacity virtual hard disk files. Hence, there is a need for reducing analysis time for cloud crime cases like child pornography, financial frauds, etc. In this paper, we designed and developed a new 'real-time digital forensic analysis process' to minimise the overall processing time of evidence. Using this approach, the investigator can search user specified patterns (for example headers, footers), which can also be used for carving files from evidence data.

Keywords: cloud computing; virtual machines; cybercrime; digital evidence; digital forensics; cloud crime; cloud forensics; digital forensic triage; MapReduce; Hadoop.

DOI: 10.1504/IJESDF.2015.069602

International Journal of Electronic Security and Digital Forensics, 2015 Vol.7 No.2, pp.119 - 133

Received: 21 Jun 2014
Accepted: 04 Dec 2014

Published online: 28 May 2015 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article