Browse > Article
http://dx.doi.org/10.3745/KTCCS.2017.6.2.95

Digital Forensic Investigation of HBase  

Park, Aran (고려대학교 정보보호대학원 정보보호학과)
Jeong, Doowon (고려대학교 정보보호대학원 정보보호학과)
Lee, Sang Jin (고려대학교 정보보호대학원)
Publication Information
KIPS Transactions on Computer and Communication Systems / v.6, no.2, 2017 , pp. 95-104 More about this Journal
Abstract
As the technology in smart device is growing and Social Network Services(SNS) are becoming more common, the data which is difficult to be processed by existing RDBMS are increasing. As a result of this, NoSQL databases are getting popular as an alternative for processing massive and unstructured data generated in real time. The demand for the technique of digital investigation of NoSQL databases is increasing as the businesses introducing NoSQL database in their system are increasing, although the technique of digital investigation of databases has been researched centered on RDMBS. New techniques of digital forensic investigation are needed as NoSQL Database has no schema to normalize and the storage method differs depending on the type of database and operation environment. Research on document-based database of NoSQL has been done but it is not applicable as itself to other types of NoSQL Database. Therefore, the way of operation and data model, grasp of operation environment, collection and analysis of artifacts and recovery technique of deleted data in HBase which is a NoSQL column-based database are presented in this paper. Also the proposed technique of digital forensic investigation to HBase is verified by an experimental scenario.
Keywords
HBase; NoSQL; Database Forensic; Digital Forensic; Hadoop;
Citations & Related Records
Times Cited By KSCI : 5  (Citation Analysis)
연도 인용수 순위
1 B. Choi, J. H. Kong, S. S. Hong, and M. M. Han, "The Method of Analyzing Firewall Log Data using MapReduce based on NoSQL," Journal of the Korea Institute of Information Security and Cryptology, Vol. 23, No. 4, pp. 667-677, 2013.   DOI
2 J. S. Lee and S. C. Hong, "Study on the Application Methods of Big Data at a Corporation," Journal of the Korea Institute of Information Security and Cryptology, Vol. 15, No. 1, pp. 103-112, 2014.
3 H. K. Khanuja, and D. S. Adane, "A Framework For Database Forensic Analysis," Computer Science & Engineering: An International Journal (CSEIJ), Vol. 2, No. 3, 2012.
4 A. Aldhaqm, S. A. Razak, S. H. Othman, A. Ali, and A. Ngadi, "Conceptual Investigation Process Model for Managing Database Forensic Investigation Knowledge," Sciences, Engineering and Technology, Vol. 12, No. 4, pp. 386-394, 2016.
5 K. E. Pavlou, and R. T. Snodgrass, "Forensic Analysis of Database Tampering," ACM Transactions on Database Systems (TODS), Vol. 33, Iss.4, pp. 1-45, 2008.
6 J. H. Choi, D. W. Jeong, and S. J. Lee, "The method of recovery for deleted record in Oracle Database," Journal of The Korea Institute of Information Security & Cryptology(JKIISC), Vol. 23, No. 5, pp. 947-955, 2013.   DOI
7 O. M. Adedayo and M. S. Olivier, "Ideal log setting for database forensics reconstruction," Digital Investigation, Vol. 12, pp. 27-40, 2015.   DOI
8 J. S. Yoon, D. W. Jung, C. H. Kang, and S. J. Lee, "Digital Forensic Investigation of MongoDB," Journal of the Korea Institute of Information Security and Cryptology, Vol. 24, No. 1, pp. 123-134, 2014.   DOI
9 J. M. Choi, D. W. Jung, J. S. Yoon, and S. J. Lee, "Digital Forensics Investigation of Redis Database," KIPS Transactions on Computer and Communication Systems, Vol. 5, No. 5, pp. 117-126, 2016.   DOI
10 F. C., J. Dean, S. Ghemawat, W. C. Hsieh, D. A. Wallach, M. Burrows, T. Chandra, A. Fikes, and R. E. Gruber, "Bigtable: A Distributed Storage System for Structured Data," Transactions on Computer Systems (TOCS), Vol. 26 Iss.2, pp. 205-218, 2008.
11 G. Xiaoming, and Q. Judy, "Scalable inverted indexing on NoSQL table storage," Technical Report, Jan., 2013.
12 S. W. Seo, Hadoop & NoSQL for analyzing and processing big data, in Gilbut, p.401.
13 T. Harter, D. Borthakur, S. Dong, A. Aiyer, L. Tang, A. C. Arpaci-Dusseau, and R. H. Arpaci-Dusseau, "Analysis of hdfs under hbase: A facebook messages case study," in Proceedings of the 12th USENIX Conference on File and Storage Technologies (FAST 14), pp. 199-212, 2014.
14 Hadoop Commands [Internet], https://hadoop.apache.org/docs/r2.4.1/hadoop-project-dist/hadoop-common/FileSystemShell.html.
15 D. C. Lee, and S. J. Lee, "Research of organized data extraction method for digital investigation in relational database system," Journal of the Korea Institute of Information Security and Cryptology, Vol. 22, No. 3, pp. 565-573 (9 pages), 2012.
16 A. B. M. Moniruzzaman and S. A. Hossain, "NoSQL Database: New Era of Databases for Big data Analytics-Classification, Characteristics and Comparison," International Journal of Database Theory and Application, Vol. 6, No. 4. pp. 1-13, 2013.
17 J. S. Yoon, D. W. Jung, C. H. Kang, and S. J. Lee, "Forensic investigation framework for the document store NoSQL DBMS: MongoDB as a case study," Digital Investigation, Vol. 17, pp. 53-65, 2016.   DOI
18 G. Harrison, "Data Models and Storage," Next Generation Databases, pp. 145-166, 2015.
19 L. George, "HBase : The Definitive Guide, O'Reilly Media, Inc.," pp. 333-334, 2011.
20 H. Zhuang, K. Lu, C. Li, M. Sun, H. Chen, and X. Zhou, "Design of A More Scalable Database System," IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing, pp. 1213-1216, 2015.
21 R. Cattell, "Scalable SQL and NoSQL data stores," Acm Sigmod Record, Vol. 39, No. 4, pp. 12-27, 2011.   DOI