Abstract
The usage of cloud systems is at an all-time high, and with more organizations reaching for Big Data the forensic implications must be analyzed. The Hadoop Distributed File System is widely used both as a cloud service and with organizations implementing it themselves. This paper analyzed the forensic viability of a RAM analysis method for Hadoop based investigations and compared it against targeted process data dumping through the Java heap information. The RAM analysis was done through string searching and the use of the RAM analysis tool Volatility. This work found that RAM analysis can be a valuable tool for discovering artefacts of deleted resources from a Hadoop cluster but was unable to discover further information such as the block to node mapping. The targeted process analysis managed to provide some partial information about deleted resources and produce important metadata on the current state of the file system.
| Original language | English |
|---|---|
| Title of host publication | 2023 19th International Conference on the Design of Reliable Communication Networks (DRCN) |
| Publisher | Institute of Electrical and Electronics Engineers Inc. |
| Pages | 1-7 |
| Number of pages | 7 |
| ISBN (Electronic) | 9781665475983 |
| DOIs | |
| Publication status | Published - 26 Apr 2023 |
| Event | 19th International Conference on the Design of Reliable Communication Networks, DRCN 2023 - Vilanova i la Geltru, Spain Duration: 17 Apr 2023 → 20 Apr 2023 |
Publication series
| Name | 2023 19th International Conference on the Design of Reliable Communication Networks, DRCN 2023 |
|---|
Conference
| Conference | 19th International Conference on the Design of Reliable Communication Networks, DRCN 2023 |
|---|---|
| Country/Territory | Spain |
| City | Vilanova i la Geltru |
| Period | 17/04/23 → 20/04/23 |
Bibliographical note
Publisher Copyright:© 2023 IEEE.
Keywords
- cloud systems
- forensic analysis
- Hadoop
- HDFS
- Java Heap Analysis
- RAM Analysis