Forensic Investigation on the Hadoop Distributed File System using RAM analysis

Stuart Laing, Robert Ludwiniak, Brahim El Boudani, Christos Chrysoulas, George Ubakanma, Nikolaos Pitropakis

Research output: Contribution to conference › Paper › peer-review

Abstract

The usage of cloud systems is at an all-time high, and with more organizations reaching for Big Data the forensic implications must be analyzed. The Hadoop Distributed File System is widely used both as a cloud service and with organizations implementing it themselves. This paper analyzed the forensic viability of a RAM analysis method for Hadoop-based investigations and compared it against targeted process data dumping through the Java heap information. The RAM analysis was done through string searching and the use of the RAM analysis tool Volatility. This work found that RAM analysis can be a valuable tool for discovering artefacts of deleted resources from a Hadoop cluster but was unable to discover further information such as the block-to-node mapping. The targeted process analysis managed to provide some partial information about deleted resources and produce important metadata on the current state of the file system.
Original language: English
Pages: 1-7
Number of pages: 7
Publication status: Published - 26 Apr 2023
Event: International Workshop on Design of Reliable Communication Networks - Universitat Politècnica de Catalunya, Vilanova, Spain
Duration: 17 Apr 2023 - 20 Apr 2023
Conference number: 19
https://drcn2023.upc.edu/

Conference

Conference: International Workshop on Design of Reliable Communication Networks
Abbreviated title: DRCN
Country/Territory: Spain
City: Vilanova
Period: 17/04/23 - 20/04/23