Digital Forensics Compute Cluster (DFORC2) – A New High Speed Distributed Computing Capability for Digital Forensics
Daniel Gonzales, Zev Winkelman, Trung Tran, Ricardo Sanchez, Dulani Woods, John Hollywood
We have developed a new distributed computing capability, the Digital Forensics Compute Cluster (DFORC2), to speed up the ingestion and processing of digital evidence. DFORC2 parallelizes evidence ingestion and file processing steps. It can be run on a standalone server or in the Amazon Web Services (AWS) cloud. When running in a cloud computing environment, its cluster resources can be dynamically scaled up or down using Kubernetes. DFORC2 is an open source project that uses Autopsy, Apache Spark and Kafka, and other open source software packages. It extends Autopsy’s forensics capabilities to compute clusters and cloud architectures, so key digital forensics tasks can be accomplished simultaneously by a scalable array of cluster compute nodes. In this paper we compare the performance of DFORC2 with a standalone version of Autopsy for evidentiary hard drives of different sizes.