Publication Details

Extrakce událostí ze souborových systémů - Návrh a implementace distribuované architektury

BURGET Radek and RYCHLÝ Marek. Extrakce událostí ze souborových systémů - Návrh a implementace distribuované architektury. FIT-TR-2020-08, Brno: Faculty of Information Technology BUT, 2020.
English title
Event Extraction from Filesystems - Design and Implementation of a Distributed Architecture
Type
technical report
Language
czech
Keywords

forensic analysis, timeline analysis, Apache Hadoop

Abstract

Extracting time-stamped events from local file systems is a key step in reconstructing a timeline of how a device (computer, USB drive, etc.) was used in the past. Existing event extraction tools are, without exception, designed to run on a single local computer, and given the capacity of current hard disks and other storage devices, analysing the file systems they contain is very time consuming. This report therefore describes the design, implementation and experimental evaluation of a new, distributed solution that spreads the event extraction process over a large number of computing nodes. This makes the whole process more efficient and, at the same time, allows the obtained results to be integrated with data from other sources into a common timeline.
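The following is an added illustration of the step the abstract describes, not code from the report or its Hadoop implementation: each file yields one timeline event per file-system timestamp, a stable hash of the path assigns the file to one of N worker nodes (so any node can recompute the assignment without coordination), and the per-node results are merged into a single timeline ordered by time. The event schema, the node count and the sample directory tree are assumptions made for this example.

```python
"""Added example: minimal distributed event extraction (not the report's code)."""
import hashlib
import os
import tempfile
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Iterable, List


@dataclass(frozen=True)
class Event:
    timestamp: int   # seconds since the Unix epoch, UTC
    kind: str        # which file-system timestamp produced the event (assumed schema)
    path: str
    size: int
    source: str      # label of the data source, e.g. which disk image


def extract_events(path: str, source: str) -> List[Event]:
    """Turn one file's stat() timestamps into separate timeline events."""
    st = os.lstat(path)
    return [
        Event(int(st.st_mtime), "modified", path, st.st_size, source),
        Event(int(st.st_atime), "accessed", path, st.st_size, source),
        Event(int(st.st_ctime), "metadata_changed", path, st.st_size, source),
    ]


def assign_node(path: str, node_count: int) -> int:
    """Deterministic sharding: the same path always lands on the same node."""
    digest = hashlib.sha256(path.encode("utf-8", "surrogateescape")).digest()
    return int.from_bytes(digest[:8], "big") % node_count


def walk_files(root: str) -> Iterable[str]:
    """Regular files under root; directories and symlink targets are not followed."""
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            yield os.path.join(dirpath, name)


def distributed_extract(root: str, node_count: int, source: str) -> List[List[Event]]:
    """Simulate N nodes, each extracting events only for the files assigned to it."""
    per_node: List[List[Event]] = [[] for _ in range(node_count)]
    for path in walk_files(root):
        per_node[assign_node(path, node_count)].extend(extract_events(path, source))
    return per_node


def merge_timeline(*event_lists: Iterable[Event]) -> List[Event]:
    """Merge per-node (or per-source) results into one timeline, oldest first."""
    merged = [e for lst in event_lists for e in lst]
    merged.sort(key=lambda e: (e.timestamp, e.source, e.path, e.kind))
    return merged


def format_event(e: Event) -> str:
    ts = datetime.fromtimestamp(e.timestamp, tz=timezone.utc).isoformat()
    return f"{ts}\t{e.kind}\t{e.source}\t{e.size}\t{e.path}"


def build_sample_tree() -> str:
    """Constructed sample input: three files with back-dated atime/mtime values."""
    root = tempfile.mkdtemp(prefix="evt_")
    base = 1_600_000_000  # 2020-09-13T12:26:40Z, an arbitrary reference point
    for i, rel in enumerate(["a.txt", "docs/b.txt", "docs/c.bin"]):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(b"x" * (i + 1))
        os.utime(full, (base + i * 60, base - i * 3600))  # (atime, mtime); ctime stays "now"
    return root


def demo(node_count: int = 3) -> List[Event]:
    """Extract on N simulated nodes, merge, print the timeline and return it."""
    root = build_sample_tree()
    per_node = distributed_extract(root, node_count, source="image-1")
    timeline = merge_timeline(*per_node)
    for e in timeline:
        print(format_event(e))
    return timeline


if __name__ == "__main__":
    demo()
```

The merge step is where results from other sources would be combined: any producer that emits records with the same (timestamp, kind, path, size, source) shape can be passed to merge_timeline alongside the file-system events. Note that ctime cannot be back-dated from user space, so in the sample output the metadata_changed events carry the time the tree was created.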

Published
2020
Pages
21
Publisher
Faculty of Information Technology BUT
Place
FIT-TR-2020-08, Brno, CZ
BibTeX
@TECHREPORT{FITPUB12303,
   author = "Radek Burget and Marek Rychl\'{y}",
   title = "Extrakce ud\'{a}lost\'{i} ze souborov\'{y}ch syst\'{e}m\r{u} - N\'{a}vrh a implementace distribuovan\'{e} architektury",
   pages = 21,
   year = 2020,
   location = "FIT-TR-2020-08, Brno, CZ",
   publisher = "Faculty of Information Technology BUT",
   language = "czech",
   url = "https://www.fit.vut.cz/research/publication/12303"
}