Book Image

Big Data Forensics: Learning Hadoop Investigations

Book Image

Big Data Forensics: Learning Hadoop Investigations

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Big Data Forensics: Learning Hadoop Investigations
Aug, 2015 | 264 pages
No titles found
Table of Contents (15 chapters)
Big Data Forensics – Learning Hadoop Investigations
Big Data Forensics – Learning Hadoop Investigations
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Starting Out with Forensic Investigations and Big Data
Starting Out with Forensic Investigations and Big Data
An overview of computer forensics
What is Big Data?
Big Data forensics
Summary
2
Understanding Hadoop Internals and Architecture
Understanding Hadoop Internals and Architecture
The Hadoop architecture
Hadoop data analysis tools
Managing files in Hadoop
The Hadoop forensic evidence ecosystem
Running Hadoop
Summary
3
Identifying Big Data Evidence
Identifying Big Data Evidence
Identifying evidence
Locating sources of data
The chain of custody documentation
Summary
4
Collecting Hadoop Distributed File System Data
Collecting Hadoop Distributed File System Data
Forensically collecting a cluster system
Physical versus remote collections
HDFS collections through the host operating system
The Hadoop shell command collection
Collection via Sqoop
Other HDFS collection approaches
Summary
5
Collecting Hadoop Application Data
Collecting Hadoop Application Data
Application collection approaches
Validating application collections
Collecting Hive evidence
Collecting HBase evidence
Collecting other Hadoop application data and non-Hadoop data
Summary
6
Performing Hadoop Distributed File System Analysis
Performing Hadoop Distributed File System Analysis
The forensic analysis process
Analysis preparation
Analysis
Summary
7
Analyzing Hadoop Application Data
Analyzing Hadoop Application Data
Preparing the analysis environment
Pre-analysis steps
Analyzing data
Summary
8
Presenting Forensic Findings
Presenting Forensic Findings
Types of reports
Developing the report
Testimony and other presentations
Summary
Index
Index

Collection via Sqoop

Sqoop is an Apache Foundation package designed to transfer bulk data from HDFS to relational databases. As a data migration tool, Sqoop is used to transfer data to and from HDFS. The primary purpose for Sqoop is to serve as a utility for transferring data between data warehouses and Hadoop clusters. It can also be used as a forensic tool when HDFS data can be exported as relational data.

Sqoop reads data from HDFS and transfers the data to a relational database. It reads entire directories of files and then parses them based on specified delimiters and qualifiers. Sqoop imports the parsed data into databases using a series of INSERT commands. It then tracks errors and exceptions and reports on any such failed inserts.

Sqoop imports data into the following databases:

  • HSQLDB

  • MySQL

  • Oracle

  • PostgreSQL

Other databases are supported via Sqoop connectors, including MS SQL Server.

To export HDFS data to a relational database using Sqoop, the investigator runs Sqoop from a machine that...

Previous Section
End of Section 6
Next Section