BigSnarf blog

Infosec FTW

Memory Forensics with MapReduce Framework and Hadoop


If it's possible to process PCAPs and disk forensics with Hadoop, it's possible to process memory forensics images of RAM as well, using the Hadoop/MapReduce framework. Maybe you can process 1000 images in a cluster for Hive analysis, or process Indicators of Compromise (IOC) at scale as a routine workflow for DFIR. The BigSnarf vision is coming together from a napkin drawing.
