Chapter 7. Analyzing Hadoop Application Data
The analysis of Hadoop application data is often the primary objective in a Big Data forensic investigation. Hadoop application data is valuable in a Big Data investigation because of the informational content of the data. Unlike traditional forensic investigations, issues such as metadata and file carving are not often applicable to the investigation. Instead, analysis of the data in the context of the investigation is the investigator's primary concern.
Every investigation is different, so the types of analyses performed first depends on the available data and the nature of the investigation. In fraud investigations, the investigator is analyzing data for signs of data manipulation or anomalous conditions shown in the data. In fact-based litigation where Big Data is used to show what occurred such as complaints involving retail sales, the data is analyzed to show that certain events or conditions existed. The investigator must...