Real-time digital forensic triaging for cloud data analysis using MapReduce on Hadoop framework

Cloud computing is a relatively new model in the computing world after several computing paradigms like personal, ubiquitous, grid, mobile, and utility computing. Cloud computing is synonymous with virtualisation which is about creating virtual versions of the hardware platform, the operating system or the storage devices. Virtualisation is omnipresent in the cloud environment that poses challenges to implementation of security as well as cybercrime investigation. Techniques used in traditional digital forensics may not be appropriate for timely analysis of large capacity virtual hard disk files. Hence, there is a need for reducing analysis time for cloud crime cases like child pornography, financial frauds, etc. In this paper, we designed and developed a new 'real-time digital forensic analysis process' to minimise the overall processing time of evidence. Using this approach, the investigator can search user specified patterns (for example headers, footers), which can also be used for carving files from evidence data.