Digital Forensics Compute Cluster (DFORC2) – A New High Speed Distributed Computing Capability for Digital Forensics

Bibliographic Details
Main Authors: Daniel Gonzales, Zev Winkelman, Trung Tran, Ricardo Sanchez, Dulani Woods, John Hollywood
Format: Article
Language: English
Published: International Institute of Informatics and Cybernetics 2018-02-01
Series: Journal of Systemics, Cybernetics and Informatics
Online Access: http://www.iiisci.org/Journal/CV$/sci/pdfs/SA120WT17.pdf
Description
Summary: We have developed a new distributed computing capability, Digital Forensics Compute Cluster (DFORC2), to speed up the ingestion and processing of digital evidence. DFORC2 parallelizes evidence ingestion and file processing steps. It can be run on a standalone server or in the Amazon Web Services (AWS) cloud. When running in a cloud computing environment, its cluster resources can be dynamically scaled up or down using Kubernetes. DFORC2 is an open source project that uses Autopsy, Apache Spark and Kafka, and other open source software packages. It extends Autopsy's forensics capabilities to compute clusters and cloud architectures, so key digital forensics tasks can be accomplished simultaneously by a scalable array of cluster compute nodes. In this paper we compare the performance of DFORC2 with a standalone version of Autopsy for evidentiary hard drives of different sizes.
ISSN: 1690-4524