Journal of Systemics, Cybernetics and Informatics (Feb 2018)
Digital Forensics Compute Cluster (DFORC2) – A New High Speed Distributed Computing Capability for Digital Forensics
Abstract
We have developed a new distributed computing capability, Digital Forensics Compute Cluster (DFORC2) to speed up the ingestion and processing of digital evidence. DFORC2 parallelizes evidence ingestion and file processing steps. It can be run on a standalone server or in the Amazon Web Services (AWS) cloud. When running in a cloud computing environment, its cluster resources can be dynamically scaled up or down using Kubernetes. DFORC2 is an open source project that uses Autopsy, Apache Spark and Kafka, and other open source software packages. It extends Autopsy's forensics capabilities to compute clusters and cloud architectures, so key digital forensics tasks can be accomplished simultaneously by a scalable array of cluster compute nodes. In this paper we compare the performance of a DFORC2 with a standalone version of Autopsy for evidentiary hard drives of different sizes.
