Investigation of Android Device for Discovering Hadoop Cloud Storage Artifacts

Abstract

Hadoop Cloud Storage has been embraced by both individuals and organizations as it can offer cost-effective, large capacity storage and multifunctional services on a wide range of device. It is fast raising popularity to access Hadoop Cloud services via Android device. The widespread usage of Hadoop Cloud Storage could create the environment that is potentially conducive to malicious activities and illegal operations. Thus, the investigation of Hadoop Cloud presents the emerging challenge for the digital forensic community. Extracting residual artifacts from the cloud server is potentially difficult due to privacy policies followed by cloud providers. The attached Android device may store useful artifacts to investigate the illegal usages of Hadoop Cloud Storage. This paper utilizes Cloudera Distribution Hadoop (CDH); a popular Hadoop Cloud Storage. This paper conducts a preliminary investigation to locate and extract the residual artifacts from Android device that has accessed the CDH Cloud. The extracted artifacts can assist the forensic examiners in real world Hadoop Cloud forensics. The crime scenario which is extended the Forensic Copra’s crime case is examined under the guide of CDH Forensic Investigation Framework.