Distributed Digital Forensics on Pre-Existing Internal Networks

Get BibTex-formatted data

Download

PDF

Author

Jeremiah J Nielsen

Tech report number

CERIAS TR 2013-11

Entry type

mastersthesis

Abstract

Today's large datasets are a major hindrance on digital investigations and have led to a substantial backlog of media that must be examined. While this media sits idle, its relevant investigation must sit idle inducing investigative time lag. This study created a client/server application architecture that operated on an existing pool of internally networked Windows 7 machines. This distributed digital forensic approach helps to address scalability concerns with other approaches while also being financially feasible. Text search runtimes and match counts were evaluated using several scenarios including a 100 GB image with prefabricated data. When compared to FTK 4.1, a 125 times speed up was experienced in the best case while a three times speed up was experienced in the worst case. These rapid search times nearly irrationalize the need to utilize long indexing processes to analyze digital evidence allowing for faster digital investigations.

Download

PDF

Date

2013 – 12 – 6

Key alpha

Nielsen

School

Purdue University

Publication Date

2013-12-06

Location

A hard-copy of this is in REC 216

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Mastersthesis{ Nielsen,
	title = "Distributed Digital Forensics on Pre-Existing Internal Networks",
	author = "Jeremiah J Nielsen",
	year = "2013",
	month = "12",
	school = "Purdue University",
	day = "6",
	abstract = "Today's large datasets are a major hindrance on digital investigations and have led to a substantial backlog of media that must be examined. While this media sits idle, its relevant investigation must sit idle inducing investigative time lag. This study created a client/server application architecture that operated on an existing pool of internally networked Windows 7 machines. This distributed digital forensic approach helps to address scalability concerns with other approaches while also being financially feasible. Text search runtimes and match counts were evaluated using several scenarios including a 100 GB image with prefabricated data. When compared to FTK 4.1, a 125 times speed up was experienced in the best case while a three times speed up was experienced in the worst case. These rapid search times nearly irrationalize the need to utilize long indexing processes to analyze digital evidence allowing for faster digital investigations.",
}