A new technique for file carving on hadoop ecosystem

العناوين الأخرى

تقنية جديدة لاستعادة البيانات في بيئة النظام هادوب

مقدم أطروحة جامعية

al-Shammari, Isra Husayn

مشرف أطروحة جامعية

al-Nuaymat, Ghazi

الجامعة

جامعة الأميرة سمية للتكنولوجيا

الكلية

كلية الملك الحسين لعلوم الحوسبة

القسم الأكاديمي

أمن نظم المعلومات و الجرائم الرقمية

دولة الجامعة

الأردن

الدرجة العلمية

ماجستير

تاريخ الدرجة العلمية

2018

الملخص الإنجليزي

In digital forensics and investigation, the need of retrieving, recovering, or carving the user’s files is very important due to the significance of the pieces of evidences that will be obtained and delivered to the court.

Moreover, with the presence of big data concepts; the huge volume of data will help the investigators and the judicial system to make the proper decision based on the evidence obtained from the big data system.

Using data recovery technique can help the investigators recover deleted and/or present data in the file system, which works normally based on its metadata.

However, if the file system is corrupted, file carving technique is one of most recent techniques that is used to retrieve the important data from unallocated space in a corrupted file system.

In the traditional operating systems, such as Windows or Linux that have a small size of the hard disk to store data, the researchers implemented many file carving techniques to carve a specific type of files (e.g.

PDF, JPEG...

etc.).

However, with the presence of a specially designed file system that stores a huge volume of data, namely Hadoop Distributed File System (HDFS), the carving techniques should be established to recover the minimum amount of data corrupted by attackers considering the HDFS capabilities.

This research has been conducted to carve the minimum amount of stored data in the HDFS file system to help the investigators benefit from the significant information obtained.

A framework is proposed to demonstrate the new carving methodology, which has been used to perform the file carving on different and the most possible scenarios that happen in the digital forensic cases.

More specifically, the proposed data recovery technique covers the recovering of the FSImage file, which is the heart of the HDFS file system, to recover the stored JPEG files.

Furthermore, the carving technique covers the scenarios related to carving JPEG files by taking into consideration three scenarios: firstly: corrupting the JPEG files data by 10% of the JPEG file size.

Secondly, corrupting the JPEG files data by 20% of the JPEG file size.

Finally, corrupting the JPEG file’s footer to carve the minimum amount of data even if, intentionally, the attackers corrupt the footers.

The experiments on all of these scenarios show that the proposed technique yields high accuracy, which is proven via off-the-shelf clustering and matching techniques.

التخصصات الرئيسية

تكنولوجيا المعلومات وعلم الحاسوب

الموضوعات

• برمجيات مفتوحة المصدر
• استرجاع المعلومات
• البيانات

عدد الصفحات

96

قائمة المحتويات

• APA
• MLA
• AMA

لغة النص

الإنجليزية

نوع البيانات

رسائل جامعية

رقم السجل

BIM-833367