Several steps are taken at the start of the analysis phase to prepare the forensic environment. The first step is to attach a copy of the evidence to the environment read-only. Because the amount of forensic data is large in a Big Data investigation, the hard drives containing the evidence should be attached to a sufficiently large storage device in read-only mode. The Big Data analysis environment should be attached to network-attached storage (NAS) or another large-scale storage solution. Cloud environments are becoming increasingly common in forensic investigations, but the investigator must ensure that proper security measures are in place and that such storage is acceptable for the investigation.
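One way to confirm the read-only attachment before analysis begins, shown as an added example that is not from the book: the script parses mount-table text in Linux `/proc/mounts` format and reports any file system under the evidence directory that lacks the `ro` option. It assumes a Linux analysis host; the `/evidence` path, device names, and NAS export are constructed for illustration.

```python
import re

# Constructed sample in /proc/mounts format (not from a real system).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /evidence/case01/disk1 ext4 ro,noexec,nosuid,nodev,noload 0 0
/dev/sdc1 /evidence/case01/disk\\0402 ext4 rw,relatime 0 0
nas01:/export/case01 /evidence/case01/nas nfs4 ro,noexec,vers=4.1 0 0
/dev/sdd1 /mnt/scratch xfs rw,noatime 0 0
"""

def _unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as octal (\040 ...).
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mounts(text):
    """Return a dict of mount point -> (device, fstype, set of options)."""
    mounts = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        device, mount_point, fstype, options = parts[:4]
        # A later line for the same mount point shadows the earlier one.
        mounts[_unescape(mount_point)] = (
            _unescape(device), fstype, set(options.split(",")))
    return mounts

def _under(mount_point, root):
    # Match the root itself or a path below it, but not "/evidence2".
    return mount_point == root or mount_point.startswith(root + "/")

def writable_evidence_mounts(text, evidence_root):
    """List (mount point, device) pairs under evidence_root not mounted read-only."""
    root = evidence_root.rstrip("/")
    return sorted((mp, dev) for mp, (dev, _fs, opts) in parse_mounts(text).items()
                  if _under(mp, root) and "ro" not in opts)

def evidence_is_attached(text, evidence_root):
    """True if at least one file system is mounted at or under evidence_root."""
    root = evidence_root.rstrip("/")
    return any(_under(mp, root) for mp in parse_mounts(text))

if __name__ == "__main__":
    # On a Linux analysis host, pass open("/proc/mounts").read() instead.
    for mount_point, device in writable_evidence_mounts(SAMPLE_MOUNTS, "/evidence"):
        print(f"NOT read-only: {device} on {mount_point!r}")
```

An empty result only means something if evidence is actually mounted, so check `evidence_is_attached` first; a missing mount would otherwise look like a clean pass.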
Big Data Forensics: Learning Hadoop Investigations