Tech Refresh for the Forensic Analysis Toolkit
SANS Institute has released a fresh white paper by Derek Edwards. Here is the abstract:
The most widely used commercial forensic tools have not undergone major architectural change since their market introduction in the late 1990s. Meanwhile, architectural change elsewhere has brought fast, powerful and inexpensive search, data visualization, and collaboration capabilities to users of all ages and computing experience levels. If the Internet is being indexed for search, could forensic images not likewise be indexed? Could there potentially be relief from image size limits and storage barriers? Could forensic analysis be performed faster? What are the risks? “Big data” open-source tools like Apache Hadoop, Apache HBase and Apache Spark were used to develop a new architectural foundation proof of concept for digital forensics. While this framework did not improve performance on tasks that require serial processing, like hashing images for verification hashes, it has shown improved performance on a basic parsing task – finding ASCII strings.
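The contrast in the last sentence of the abstract (string extraction splits across chunks of an image, a verification hash does not) is easy to see in code. The following is an added example written for this post, not code from the white paper or from the Hadoop/Spark proof of concept it describes: a map/reduce-style ASCII-string scanner that processes fixed-size chunks independently and then stitches runs that straddle a chunk boundary, checked against a plain serial scan, next to a verification hash that must consume the same chunks in order through one state. The sample image bytes and all function names are constructed for the example; `mapper=map` stands in for whatever distributes the map phase (a process pool, a Spark RDD map, a Hadoop mapper).

```python
"""Chunk-parallel ASCII string extraction vs. serial verification hashing.

Added example for this post; not the white paper's code. The image bytes
below are constructed, not taken from any real evidence file.
"""
import hashlib
import re

MIN_LEN = 4                                 # same default as the `strings` tool
PRINTABLE = re.compile(rb"[\x20-\x7e]+")    # runs of printable 7-bit ASCII

# Constructed sample "image": three real strings, one 2-byte run that must be
# dropped, separated by non-printable bytes. Offsets: 3, 34 and 76.
SAMPLE_IMAGE = (
    b"\x00\x00\x00"
    + b"C:\\Users\\alice\\secret.docx"
    + b"\x00\x00"
    + b"ab"                                   # shorter than MIN_LEN
    + b"\x00"
    + b"http://example.invalid/login?user=bob"
    + b"\x00" * 5
    + b"GET /index.html"
    + b"\x00\x00"
)


def serial_strings(image):
    """Reference implementation: one pass over the whole image."""
    return [(m.start(), m.group())
            for m in PRINTABLE.finditer(image)
            if m.end() - m.start() >= MIN_LEN]


def map_chunk(task):
    """Map phase: find printable runs in one chunk, independently of others.

    A run that touches the chunk's first or last byte may be the head or
    tail of a string that crosses the boundary, so it is emitted even when
    it is shorter than MIN_LEN; the reduce phase decides its fate.
    """
    base, chunk = task
    runs = []
    for m in PRINTABLE.finditer(chunk):
        at_edge = m.start() == 0 or m.end() == len(chunk)
        if at_edge or m.end() - m.start() >= MIN_LEN:
            runs.append((base + m.start(), m.group()))
    return runs


def reduce_runs(per_chunk):
    """Reduce phase: merge runs that abut exactly (only possible across a
    chunk boundary, since runs inside one chunk are separated by at least
    one non-printable byte), then apply the length filter once."""
    merged = []
    for runs in per_chunk:                    # per_chunk is in image order
        for off, s in runs:
            if merged and merged[-1][0] + len(merged[-1][1]) == off:
                merged[-1] = (merged[-1][0], merged[-1][1] + s)
            else:
                merged.append((off, s))
    return [(o, s) for o, s in merged if len(s) >= MIN_LEN]


def parallel_strings(image, chunk_size, mapper=map):
    """Split the image into chunks, map each, reduce in order.

    `mapper` is any order-preserving map; swap in a process pool or a
    cluster job for real parallelism. The result equals serial_strings().
    """
    tasks = [(off, image[off:off + chunk_size])
             for off in range(0, len(image), chunk_size)]
    return reduce_runs(list(mapper(map_chunk, tasks)))


def verification_hash(image, chunk_size):
    """The serial case: SHA-256 chains state across every byte, so chunks
    must be fed to one hash object in order. Hashing chunks independently
    yields per-chunk digests that do not combine into this digest, which is
    why chunking does not speed up an image verification hash."""
    h = hashlib.sha256()
    for off in range(0, len(image), chunk_size):
        h.update(image[off:off + chunk_size])
    return h.hexdigest()


if __name__ == "__main__":
    for size in (1, 7, 16, 64, 1 << 20):
        assert parallel_strings(SAMPLE_IMAGE, size) == serial_strings(SAMPLE_IMAGE)
    for off, s in parallel_strings(SAMPLE_IMAGE, 16):
        print(off, s.decode("ascii"))
    print(verification_hash(SAMPLE_IMAGE, 16))
```

With a chunk size of 16 every one of the three strings crosses at least one boundary, and the 2-byte run `ab` is itself split across two chunks; the boundary handling is what keeps the chunked result identical to the serial scan. The same map/reduce shape is what a Hadoop or Spark job provides, with the reduce step ordered by chunk offset.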