O'Reilly logo

Big Data Forensics – Learning Hadoop Investigations by Joe Sremack

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

HDFS collections through the host operating system

The host operating system is where many traditional forensic investigations begin and end. The forensic evidence resides in disk storage accessible by the host operating system, which stores metadata about the evidence that cannot be accessed from other layers. The same cannot necessarily be said for Hadoop, but there are methods for collecting HDFS data from the host operating system.

Currently, HDFS is not natively recognized by any of the modern operating systems, so HDFS cannot be natively accessed by the host operating system as a filesystem. HDFS is stored in the host operating system's filesystem, but this information resides in the allocated space that cannot be read from the host operating ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required