Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Big Data Forensics: Learning Hadoop Investigations
  • Toc
  • feedback
Big Data Forensics: Learning Hadoop Investigations

Big Data Forensics: Learning Hadoop Investigations

By : Joe Sremack
5 (3)
close
Big Data Forensics: Learning Hadoop Investigations

Big Data Forensics: Learning Hadoop Investigations

5 (3)
By: Joe Sremack

Overview of this book

Big Data forensics is an important type of digital investigation that involves the identification, collection, and analysis of large-scale Big Data systems. Hadoop is one of the most popular Big Data solutions, and forensically investigating a Hadoop cluster requires specialized tools and techniques. With the explosion of Big Data, forensic investigators need to be prepared to analyze the petabytes of data stored in Hadoop clusters. Understanding Hadoop’s operational structure and performing forensic analysis with court-accepted tools and best practices will help you conduct a successful investigation. Discover how to perform a complete forensic investigation of large-scale Hadoop clusters using the same tools and techniques employed by forensic experts. This book begins by taking you through the process of forensic investigation and the pitfalls to avoid. It will walk you through Hadoop's internals and architecture, and you will discover what types of information Hadoop stores and how to access that data. You will learn to identify Big Data evidence using techniques to survey a live system and interview witnesses. After setting up your own Hadoop system, you will collect evidence using techniques such as forensic imaging and application-based extractions. You will analyze Hadoop evidence using advanced tools and techniques to uncover events and statistical information. Finally, data visualization and evidence presentation techniques are covered to help you properly communicate your findings to any audience.
Table of Contents (10 chapters)
close
close
Preface
chevron up
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Free Chapter
1
1. Starting Out with Forensic Investigations and Big Data
1. Starting Out with Forensic Investigations and Big Data
An overview of computer forensics
What is Big Data?
Big Data forensics
Summary
2
2. Understanding Hadoop Internals and Architecture
2. Understanding Hadoop Internals and Architecture
The Hadoop architecture
Hadoop data analysis tools
Managing files in Hadoop
The Hadoop forensic evidence ecosystem
Running Hadoop
Summary
3
3. Identifying Big Data Evidence
3. Identifying Big Data Evidence
Identifying evidence
Locating sources of data
The chain of custody documentation
Summary
4
4. Collecting Hadoop Distributed File System Data
4. Collecting Hadoop Distributed File System Data
Forensically collecting a cluster system
Physical versus remote collections
HDFS collections through the host operating system
The Hadoop shell command collection
Collection via Sqoop
Other HDFS collection approaches
Summary
5
5. Collecting Hadoop Application Data
5. Collecting Hadoop Application Data
Application collection approaches
Validating application collections
Collecting Hive evidence
Collecting HBase evidence
Collecting other Hadoop application data and non-Hadoop data
Summary
6
6. Performing Hadoop Distributed File System Analysis
6. Performing Hadoop Distributed File System Analysis
The forensic analysis process
Analysis preparation
Analysis
Summary
7
7. Analyzing Hadoop Application Data
7. Analyzing Hadoop Application Data
Preparing the analysis environment
Pre-analysis steps
Analyzing data
Summary
8
8. Presenting Forensic Findings
8. Presenting Forensic Findings
Types of reports
Developing the report
Testimony and other presentations
Summary
9
Index
Index

Preface

Forensics is an important topic for law enforcement, civil litigators, corporate investigators, academics, and other professionals who deal with complex digital investigations. Digital forensics has played a major role in some of the largest criminal and civil investigations of the past two decades—most notably, the Enron investigation in the early 2000s. Forensics has been used in many different situations. From criminal cases, to civil litigation, to organization-initiated internal investigations, digital forensics is the way data becomes evidence—sometimes, the most important evidence—and that evidence is how many types of modern investigations are solved.

The increased usage of Big Data solutions, such as Hadoop, has required new approaches to how forensics is conducted, and with the rise in popularity of Big Data across a wide number of organizations, forensic investigators need to understand how to work with these solutions. The number of organizations who have implemented Big Data solutions has surged in the past decade. These systems house critical information that can provide information on an organization's operations and strategies—key areas of interest in different types of investigations. Hadoop has been the most popular of the Big Data solutions, and with its distributed architecture, in-memory data storage, and voluminous data storage capabilities, performing forensics on Hadoop offers new challenges to forensic investigators.

A new area within forensics, called Big Data forensics, focuses on the forensics of Big Data systems. These systems are unique in their scale, how they store data, and the practical limitations that can prevent an investigator from using traditional forensic means. The field of digital forensics has expanded from primarily dealing with desktop computers and servers to include mobile devices, tablets, and large-scale data systems. Forensic investigators have kept pace with the changes in technologies by utilizing new techniques, software, and hardware to collect, preserve, and analyze digital evidence. Big Data solutions, likewise, require different approaches to analyze the collected data.

In this book, the processes, tools, and techniques for performing a forensic investigation of Hadoop are described and explored in detail. Many of the concepts covered in this book can be applied to other Big Data systems—not just Hadoop. The processes for identifying and collecting forensic evidence are covered, and the processes for analyzing the data as part of an investigation and presenting the findings are detailed. Practical examples are given by using LightHadoop and Amazon Web Services to develop test Hadoop environments and perform forensics against them. By the end of the book, you will be able to work with the Hadoop command line and forensic software packages and understand the forensic process.

Next Section
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete