
Research Article
Automating the Flow of Data Between Digital Forensic Tools Using Apache NiFi
@INPROCEEDINGS{10.1007/978-3-031-36574-4_26,
  author={Xiaoyu Du and Francis N. Nwebonyi and Pavel Gladyshev},
  title={Automating the Flow of Data Between Digital Forensic Tools Using Apache NiFi},
  proceedings={Digital Forensics and Cyber Crime. 13th EAI International Conference, ICDF2C 2022, Boston, MA, November 16-18, 2022, Proceedings},
  proceedings_a={ICDF2C},
  year={2023},
  month={7},
  keywords={Digital Forensics Automated Digital Evidence Processing Apache NiFi},
  doi={10.1007/978-3-031-36574-4_26}
}
Xiaoyu Du
Francis N. Nwebonyi
Pavel Gladyshev
Year: 2023
ICDF2C
Springer
DOI: 10.1007/978-3-031-36574-4_26
Abstract
In digital forensics, sources of digital evidence range from computer disk drives, memory, mobile phones, and network dumps to all kinds of IoT devices. Therefore, different tools are required to collect and analyse digital evidence from the various sources. Even though each tool works automatically, data passed from one tool to another often needs to be prepared manually. This paper introduces a NiFi-based solution that automatically moves data between digital forensic tools, reducing manual work in practice. A DataFlow designed in NiFi can monitor and fetch the input data, pre-process the data, and run digital forensic tools for data analytics. In addition, NiFi can be used for remote evidence acquisition and data sharing between law enforcement agencies (LEAs). This paper also presents a couple of use cases of NiFi for digital evidence processing: 1) file carving, 2) NSRL (National Software Reference Library) hash lookup, 3) categorising files by MIME type, and 4) IoT log parsing.