Digital Forensics Compute Cluster: A High Speed Distributed Computing Capability for Digital Forensics

Authors: Daniel Gonzales, Zev Winkelman, Trung Tran, Ricardo Sanchez, Dulani Woods, John Hollywood

Abstract:

We have developed a distributed computing capability, the Digital Forensics Compute Cluster (DFORC2), to speed up the ingestion and processing of digital evidence resident on computer hard drives. DFORC2 parallelizes the evidence ingestion and file processing steps. It can be run on a standalone computer cluster or in the Amazon Web Services (AWS) cloud. When running in a virtualized computing environment, its cluster resources can be dynamically scaled up or down using Kubernetes. DFORC2 is an open source project that uses Autopsy, Apache Spark, Apache Kafka, and other open source software packages. It extends the proven open source digital forensics capabilities of Autopsy to compute clusters and cloud architectures, so that digital forensics tasks can be accomplished efficiently by a scalable array of cluster compute nodes. In this paper, we describe DFORC2 and compare it with a standalone version of Autopsy when both are used to process evidence from hard drives of different sizes.

Keywords: Cloud computing, cybersecurity, digital forensics, Kafka, Kubernetes, Spark.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1131996

