Big data forensics--learning Hadoop investigations : perform forensic investigations on Hadoop clusters with cutting-edge tools and techniques / Joe Sremack.

Online resource; title from cover (Safari, viewed September 20, 2015).

Includes index.

Cover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Starting Out with Forensic Investigations and Big Data; Computer forensics overview; The forensic process; Identification; Collection; Analysis; Presentation; Other investigation considerations; Equipment; Evidence management; Investigator training and certification; The post-investigation process; What is Big Data?; The four Vs of Big Data; Big Data architecture and concepts; Big Data forensics; Metadata preservation; Collection methods; Collection verification; Summary.

Chapter 2: Understanding Hadoop Internals and ArchitectureThe Hadoop architecture; The components of Hadoop; The Hadoop Distributed File System; The Hadoop configuration files; Hadoop daemons; Hadoop data analysis tools; Hive; HBase; Pig; Managing files in Hadoop; File permissions; Trash; Log files; File compression and splitting; Hadoop SequenceFile; The Hadoop archive files; Data serialization; Packaged jobs and JAR files; The Hadoop forensic evidence ecosystem; Running Hadoop; LightHadoop; Amazon Web Services; Loading Hadoop data; Importing sample data for testing; Summary.

Chapter 3: Identifying Big Data EvidenceIdentifying evidence; Locating sources of data; Compiling data requirements; Reviewing the system architecture; Interviewing staff and reviewing the documentation; Assessing data viability; Identify data sources in noncooperative situations; Data collection requirements; Data source identification; Structured and unstructured data; Data collection types; In-house or third-party collection; An investigator-led collection; The chain of custody documentation; Summary; Chapter 4: Collecting Hadoop File System Data; Forensically collecting a cluster system.

Physical versus remote collectionsHDFS collections through the host operating system; Imaging the host operating system; Imaging a mounted HDFS partition; Targeted collection from a Hadoop client; The Hadoop shell command collection; Collecting HDFS files; HDFS targeted data collection; Hadoop Offline Image and Edits Viewers; Collection via Sqoop; Other HDFS collection approaches; Summary; Chapter 5: Collecting Hadoop Application Data; Application collection approaches; Backups; Query extractions; Script extractions; Software extractions; Validating application collections.

Collecting Hive evidenceLoading Hive data; Identifying Hive evidence; Hive backup collection; Hive query collection; Hive query control totals; Hive metadata and log collection; The Hive script collection; Collecting HBase evidence; Loading HBase data; Identifying HBase evidence; The HBase backup collection; The HBase query collection; HBase collection via scripts; HBase control totals; HBase metadata and log collection; Collecting other Hadoop application data and non-Hadoop data; Summary; Chapter 6: Performing Hadoop File System Analysis; The forensic analysis process.

eBooks on EBSCOhost EBSCO eBook Subscription Academic Collection - Worldwide