A new technique for file carving on hadoop ecosystem
Other Title(s)
تقنية جديدة لاستعادة البيانات في بيئة النظام هادوب
Dissertant
Thesis advisor
University
Princess Sumaya University for Technology
Faculty
King Hussein Faculty for Computing Sciences
Department
Information Systems Security and Digital Criminology
University Country
Jordan
Degree
Master
Degree Date
2018
English Abstract
In digital forensics and investigation, the need of retrieving, recovering, or carving the user’s files is very important due to the significance of the pieces of evidences that will be obtained and delivered to the court.
Moreover, with the presence of big data concepts; the huge volume of data will help the investigators and the judicial system to make the proper decision based on the evidence obtained from the big data system.
Using data recovery technique can help the investigators recover deleted and/or present data in the file system, which works normally based on its metadata.
However, if the file system is corrupted, file carving technique is one of most recent techniques that is used to retrieve the important data from unallocated space in a corrupted file system.
In the traditional operating systems, such as Windows or Linux that have a small size of the hard disk to store data, the researchers implemented many file carving techniques to carve a specific type of files (e.g.
PDF, JPEG...
etc.).
However, with the presence of a specially designed file system that stores a huge volume of data, namely Hadoop Distributed File System (HDFS), the carving techniques should be established to recover the minimum amount of data corrupted by attackers considering the HDFS capabilities.
This research has been conducted to carve the minimum amount of stored data in the HDFS file system to help the investigators benefit from the significant information obtained.
A framework is proposed to demonstrate the new carving methodology, which has been used to perform the file carving on different and the most possible scenarios that happen in the digital forensic cases.
More specifically, the proposed data recovery technique covers the recovering of the FSImage file, which is the heart of the HDFS file system, to recover the stored JPEG files.
Furthermore, the carving technique covers the scenarios related to carving JPEG files by taking into consideration three scenarios: firstly: corrupting the JPEG files data by 10% of the JPEG file size.
Secondly, corrupting the JPEG files data by 20% of the JPEG file size.
Finally, corrupting the JPEG file’s footer to carve the minimum amount of data even if, intentionally, the attackers corrupt the footers.
The experiments on all of these scenarios show that the proposed technique yields high accuracy, which is proven via off-the-shelf clustering and matching techniques.
Main Subjects
Information Technology and Computer Science
Topics
No. of Pages
96
Table of Contents
Table of contents.
Abstract.
Abstract in Arabic.
Chapter One : Introduction.
Chapter Two : The background.
Chapter Three : Related work.
Chapter Four : Carving JPEG files methodology.
Chapter Five : Experiments and results.
Chapter Six : Conclusion, and future work.
References.
American Psychological Association (APA)
al-Shammari, Isra Husayn. (2018). A new technique for file carving on hadoop ecosystem. (Master's theses Theses and Dissertations Master). Jordan
https://search.emarefa.net/detail/BIM-833367
Modern Language Association (MLA)
al-Shammari, Isra Husayn. A new technique for file carving on hadoop ecosystem. (Master's theses Theses and Dissertations Master). (2018).
https://search.emarefa.net/detail/BIM-833367
American Medical Association (AMA)
al-Shammari, Isra Husayn. (2018). A new technique for file carving on hadoop ecosystem. (Master's theses Theses and Dissertations Master). Jordan
https://search.emarefa.net/detail/BIM-833367
Language
English
Data Type
Arab Theses
Record ID
BIM-833367
