Title: Real-time digital forensic triaging for cloud data analysis using MapReduce on Hadoop framework
Authors: Digambar Povar; Saibharath; G. Geethakumari
Addresses: Department of Computer Science and Information Systems, BITS Pilani, Hyderabad Campus, Jawaharnagar, Shameerpet, Hyderabad, Telangana, India ' Department of Computer Science and Information Systems, BITS Pilani, Hyderabad Campus, Jawaharnagar, Shameerpet, Hyderabad, Telangana, India ' Department of Computer Science and Information Systems, BITS Pilani, Hyderabad Campus, Jawaharnagar, Shameerpet, Hyderabad, Telangana, India
Abstract: Cloud computing is a relatively new model in the computing world after several computing paradigms like personal, ubiquitous, grid, mobile, and utility computing. Cloud computing is synonymous with virtualisation which is about creating virtual versions of the hardware platform, the operating system or the storage devices. Virtualisation is omnipresent in the cloud environment that poses challenges to implementation of security as well as cybercrime investigation. Techniques used in traditional digital forensics may not be appropriate for timely analysis of large capacity virtual hard disk files. Hence, there is a need for reducing analysis time for cloud crime cases like child pornography, financial frauds, etc. In this paper, we designed and developed a new 'real-time digital forensic analysis process' to minimise the overall processing time of evidence. Using this approach, the investigator can search user specified patterns (for example headers, footers), which can also be used for carving files from evidence data.
Keywords: cloud computing; virtual machines; cybercrime; digital evidence; digital forensics; cloud crime; cloud forensics; digital forensic triage; MapReduce; Hadoop.
DOI: 10.1504/IJESDF.2015.069602
International Journal of Electronic Security and Digital Forensics, 2015 Vol.7 No.2, pp.119 - 133
Received: 21 Jun 2014
Accepted: 04 Dec 2014
Published online: 28 May 2015 *