Distributed Digital Forensics on Pre-existing Internal Networks

Author

Jeremiah Jens Nielsen, Purdue UniversityFollow

Date of Award

2013

Degree Type

Thesis

Degree Name

Master of Science (MS)

Department

Computer and Information Technology

First Advisor

Marcus K. Rogers

Committee Chair

Marcus K Rogers

Committee Member 1

John A. Springer

Committee Member 2

Thomas J. Hacker

Abstract

Today's large datasets are a major hindrance on digital investigations and have led to a substantial backlog of media that must be examined. While this media sits idle, its relevant investigation must sit idle inducing investigative time lag. This study created a client/server application architecture that operated on an existing pool of internally networked Windows 7 machines. This distributed digital forensic approach helps to address scalability concerns with other approaches while also being financially feasible. Text search runtimes and match counts were evaluated using several scenarios including a 100 GB image with prefabricated data. When compared to FTK 4.1, a 125 times speed up was experienced in the best case while a three times speed up was experienced in the worst case. These rapid search times nearly irrationalize the need to utilize long indexing processes to analyze digital evidence allowing for faster digital investigations.

Recommended Citation

Nielsen, Jeremiah Jens, "Distributed Digital Forensics on Pre-existing Internal Networks" (2013). Open Access Theses. 135.
https://docs.lib.purdue.edu/open_access_theses/135