Scaling bulk data analysis with mapreduce
| dc.contributor.advisor | McCarrin, Michael | |
| dc.contributor.advisor | Stefanou, Marcus S. | |
| dc.contributor.author | Andrzejewski, Timothy J. | |
| dc.contributor.department | Computer Science (CS) | |
| dc.date | Sep-17 | |
| dc.date.accessioned | 2017-11-07T23:39:28Z | |
| dc.date.available | 2017-11-07T23:39:28Z | |
| dc.date.issued | 2017-09 | |
| dc.description.abstract | Between 2005 and 2015, the world population grew by 11% while hard drive capacity grew by 95%. Increased demand for storage combined with decreasing costs presents challenges for digital forensic analysts working within tight time constraints. Advancements have been made to current tools to assist the analyst, but many require expensive specialized systems, knowledge and software. This thesis provides a method to address these challenges through distributed analysis of raw forensic images stored in a distributed file system using open-source software.We develop a proof-of-concept tool capable of counting unique bytes in a 116 TiB corpus of drives in 1 hour 41 minutes, demonstrating a peak throughput of 18.33 GiB/s on a 25-node Hadoop cluster. Furthermore, we demonstrate the ability to perform email address extraction on the corpus in 2 hours 5 minutes, for a throughput of 15.84 GiB/s, a result that compares favorably to traditional email address extraction methods, which we estimate to run with a throughput of approximately 91 MiB/s on a 24-core production server. Primary contributions to the forensic community are: 1) a distributed, scalable method to analyze large data sets in a practical timeframe, 2) a MapReduce program to count unique bytes of any forensic image, and 3) a MapReduce program capable of extracting 233 million email addresses from a 116 TiB corpus in just over two hours. | en_US |
| dc.description.distributionstatement | Approved for public release; distribution is unlimited. | |
| dc.description.service | Civilian, Department of the Navy | en_US |
| dc.description.uri | http://archive.org/details/scalingbulkdatan1094556132 | |
| dc.identifier.uri | https://hdl.handle.net/10945/56132 | |
| dc.publisher | Monterey, CA; Naval Postgraduate School | |
| dc.rights | This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States. | en_US |
| dc.subject.author | hadoop | en_US |
| dc.subject.author | mapreduce | en_US |
| dc.subject.author | digital forensics | en_US |
| dc.subject.author | bulk data analysis | en_US |
| dc.subject.author | bulk_extractor | en_US |
| dc.subject.author | distributed digital forensics | en_US |
| dc.subject.author | data mining | en_US |
| dc.subject.author | big data | en_US |
| dc.title | Scaling bulk data analysis with mapreduce | en_US |
| dc.type | Thesis | en_US |
| dspace.entity.type | Publication | |
| etd.thesisdegree.discipline | Computer Science | en_US |
| etd.thesisdegree.grantor | Naval Postgraduate School | en_US |
| etd.thesisdegree.level | Masters | en_US |
| etd.thesisdegree.name | Master of Science in Computer Science | en_US |
Files
Original bundle
1 - 1 of 1
Loading...
- Name:
- 17Sep_Andrzejewski_Timothy.pdf
- Size:
- 2.1 MB
- Format:
- Adobe Portable Document Format