Analysis preparation
Several steps are taken at the onset of the analysis phase to prepare the forensic environment. The first step is to attach a copy of the evidence to the environment in a read-only manner. Because the volume of forensic data in a Big Data investigation is large, the hard drives containing the evidence should be attached in read-only mode to a sufficiently large storage device. The Big Data analysis environment should be attached to network-attached storage (NAS) or another large-scale storage solution. Cloud environments are becoming increasingly common in forensic investigations, but the investigator must ensure that proper security measures are in place and that such storage is acceptable for the investigation.
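The following is an added example, not part of the original text: a POSIX shell check that each evidence mount point is actually read-only before analysis begins, reading a mount table in the Linux /proc/mounts format. The mount points, device names and sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify evidence mounts are read-only (Linux /proc/mounts format).

# Constructed sample mount table; paths and devices are illustrative only.
sample_mount_table() {
    cat <<'EOF'
/dev/sdb1 /mnt/evidence01 ext4 ro,noexec,nosuid,nodev 0 0
nas01:/cases /mnt/nas nfs4 rw,relatime 0 0
/dev/sdc1 /mnt/case\040files ntfs ro,noexec 0 0
/dev/sdd1 /mnt/evidence02 ext4 ro,relatime 0 0
/dev/sde1 /mnt/evidence02 ext4 rw,relatime,errors=remount-ro 0 0
EOF
}

# mount_mode MOUNTPOINT [TABLE]: prints ro, rw or missing.
# The last matching entry wins, because a later mount hides an earlier one.
mount_mode() {
    mp=$1
    table=${2:-/proc/mounts}
    mode=missing
    while read -r dev dir fstype opts rest; do
        dir=$(printf '%b' "$dir")          # decode \040-style escapes in paths
        [ "$dir" = "$mp" ] || continue
        case ",$opts," in
            *,ro,*) mode=ro ;;             # exact option, not "errors=remount-ro"
            *)      mode=rw ;;
        esac
    done < "$table"
    printf '%s\n' "$mode"
}

# check_evidence_mounts TABLE MOUNTPOINT...
# Returns 0 only if every listed mount point is present and read-only.
check_evidence_mounts() {
    table=$1; shift
    rc=0
    for mp in "$@"; do
        m=$(mount_mode "$mp" "$table")
        if [ "$m" != ro ]; then
            echo "NOT SAFE: $mp is $m" >&2
            rc=1
        else
            echo "ok: $mp is read-only"
        fi
    done
    return "$rc"
}

# Demo on the constructed table; on a live system pass /proc/mounts instead.
demo=$(mktemp); sample_mount_table > "$demo"
check_evidence_mounts "$demo" /mnt/evidence01 '/mnt/case files' /mnt/evidence02 || true
rm -f "$demo"
```

Running the check as a gate at the start of each analysis session catches an evidence volume that was mounted read-write or hidden by a later mount on the same directory.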
Note
Cloud computing has several advantages for Big Data investigations. These include distributed computing and less of an infrastructure burden being placed on the investigator. However, data upload speeds to many cloud computing environments...