Big Data Forensics

WARNING: Contents may be more complicated than they appear.

You've got one chance to get it right.

Big data (and the associated tools, such as Hadoop, Spark, Cassandra, HDInsight, MongoDB, Hive, HBase, and CouchDB) brings incredible opportunity to data science and analytics, but also introduces new challenges when it comes to digital forensic investigations.

Properly collecting and analyzing evidence in big data environments requires a thoughtful approach so that accurate, repeatable results can be produced for study or for use in legal proceedings.

Big data forensics can be broken into six phases:

  • Identification. Conducting a search for, recognition of, and documentation of the physical devices potentially containing digital evidence.

  • Collection. Collecting devices identified in the previous phase and transferring them to an analysis facility (physically or virtually).

  • Acquisition. Capturing an image of a source of potential evidence identical to the original.

  • Preservation. Preserving physical and logical evidence integrity.

  • Analysis. Interpreting the data from the evidence acquired.

  • Reporting. Communicating and/or disseminating the results of the investigation.

Trusted, qualified expertise

Rule4 applies its computer science background and forensics analysis credentials to perform thorough forensic analyses of unique big data environments. We have provided expert testimony in numerous court cases and have an impeccable reputation for delivering comprehensive, accurate forensic reports.

We’re a partner you can trust with your big data forensics challenges.

We’re ready to help!

We bring a wealth of experience and a thoughtful approach to a sensitive task.