Stuart Laing
Forensic Investigation Using RAM Analysis on the Hadoop Distributed File System
Laing, Stuart; Ludwiniak, Robert; El Boudani, Brahim; Chrysoulas, Christos; Ubakanma, George; Pitropakis, Nikolaos
Authors
Robert Ludwiniak r.ludwiniak@napier.ac.uk
Lecturer
Brahim El Boudani
Dr Christos Chrysoulas C.Chrysoulas@napier.ac.uk
Lecturer
George Ubakanma
Dr Nick Pitropakis N.Pitropakis@napier.ac.uk
Associate Professor
Abstract
The usage of cloud systems is at an all-time high, and with more organizations reaching for Big Data the forensic implications must be analyzed. The Hadoop Distributed File System is widely used both as a cloud service and with organizations implementing it themselves. This paper analyzed the forensic viability of a RAM analysis method for Hadoop-based investigations and compared it against targeted process data dumping through the Java heap information. The RAM analysis was done through string searching and the use of the RAM analysis tool Volatility. This work found that RAM analysis can be a valuable tool for discovering artefacts of deleted resources from a Hadoop cluster but was unable to discover further information such as the block-to-node mapping. The targeted process analysis managed to provide some partial information about deleted resources and produce important metadata on the current state of the file system.
Presentation Conference Type | Conference Paper (Published) |
---|---|
Conference Name | 2023 19th International Conference on the Design of Reliable Communication Networks (DRCN) |
Start Date | Apr 17, 2023 |
End Date | Apr 20, 2023 |
Online Publication Date | Apr 26, 2023 |
Publication Date | 2023 |
Deposit Date | Mar 30, 2023 |
Publicly Available Date | Jun 15, 2023 |
Publisher | Institute of Electrical and Electronics Engineers |
Book Title | 2023 19th International Conference on the Design of Reliable Communication Networks (DRCN) |
DOI | https://doi.org/10.1109/DRCN57075.2023.10108330 |
Keywords | cloud systems, RAM Analysis, Java Heap Analysis, Hadoop, HDFS, forensic analysis |
Files
Forensic Investigation Using RAM Analysis On The Hadoop Distributed File System (accepted version)
(1.1 Mb)
PDF