What this book covers
Chapter 1, Starting Out with Forensic Investigations and Big Data, is an overview of both forensics and Big Data. This chapter covers why Big Data is important, how it is being used, and how forensics of Big Data is different from traditional forensics.
Chapter 2, Understanding Hadoop Internals and Architecture, is a detailed explanation of Hadoop's internals and how data is stored within a Hadoop environment.
Chapter 3, Identifying Big Data Evidence, covers the process for identifying relevant data within Hadoop using techniques such as interviews, data sampling, and system reviews.
Chapter 4, Collecting Hadoop Distributed File System Data, details how to collect forensic evidence from the Hadoop Distributed File System (HDFS) using physical and logical collection methods.
Chapter 5, Collecting Hadoop Application Data, examines the processes for collecting evidence from Hadoop applications using logical- and query-based methods. HBase, Hive, and Pig are covered in this chapter.
Chapter 6, Performing Hadoop Distributed File System Analysis, details how to conduct a forensic analysis of HDFS evidence, utilizing techniques such as file carving and keyword analysis.
Chapter 7, Analyzing Hadoop Application Data, covers how to conduct a forensic analysis of Hadoop application data using databases and statistical analysis techniques. Topics such as Benford's law and clustering are discussed in this chapter.
Chapter 8, Presenting Forensic Findings, shows how to present forensic findings for internal investigations or legal proceedings.