Abstract
With the development of information technology and the spread of all kinds of smart devices, the diversity of device platforms means that existing equipment for electronic data examination, forensic acquisition and analysis can no longer meet the requirements imposed by networking and storage technology, such as high-speed data image storage and correlation analysis of massive data, and it shows shortcomings such as complex operation and low efficiency. An efficient Hadoop-based distributed forensics system was designed and implemented. It supports working scenarios in which multiple media are examined in parallel, and it uses a scheduling control service to store the data from different evidence media on different distributed data storage servers. Each forensic task can have exclusive use of one forensic medium while it runs, which achieves parallel forensic analysis of multiple media. Experimental data show that the response time for searching 2-4 GB of text data can be as low as 0.1 s.
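Source
Telecommunications Science (《电信科学》)
Peking University Core Journal
2014, Issue 1, pp. 31-38 (8 pages)
Funding
Supported by the National "Twelfth Five-Year" Science and Technology Support Program (No. 2012BAK07B01)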