Abstract
The usage of cloud systems is at an all-time high, and with more organizations reaching for Big Data the forensic implications must be analyzed. The Hadoop Distributed File System is widely used both as a cloud service and with organizations implementing it themselves. This paper analyzed the forensic viability of a RAM analysis method for Hadoop based investigations and compared it against targeted process data dumping through the Java heap information. The RAM analysis was done through string searching and the use of the RAM analysis tool Volatility. This work found that RAM analysis can be a valuable tool for discovering artefacts of deleted resources from a Hadoop cluster but was unable to discover further information such as the block to node mapping. The targeted process analysis managed to provide some partial information about deleted resources and produce important metadata on the current state of the file system.
Original language | English |
---|---|
Pages | 1-7 |
Number of pages | 7 |
DOIs | |
Publication status | Published - 26 Apr 2023 |
Event | International Workshop on Design of Reliable Communication Networks - Universitat Politècnica de Catalunya, Vilanova, Spain Duration: 17 Apr 2023 → 20 Apr 2023 Conference number: 19 https://drcn2023.upc.edu/ |
Conference
Conference | International Workshop on Design of Reliable Communication Networks |
---|---|
Abbreviated title | DRCN |
Country/Territory | Spain |
City | Vilanova |
Period | 17/04/23 → 20/04/23 |
Internet address |