Automating the flow of data between digital forensic tools using Apache NiFi

Du, X, Nwebonyi, F.N ORCID: 0000-0003-1566-2560 and Gladyshev, P (2023) 'Automating the flow of data between digital forensic tools using Apache NiFi.' In: Goel, S, Gladyshev, P, Nikolay, A, Markowsky, G and Johnson, D, eds. Digital forensics and cyber crime: 13th EAI International Conference, ICDF2C 2022, Boston, MA, November 16-18, 2022, proceedings. Springer, Cham, pp. 435-452. ISBN 9783031365744

Official URL: https://doi.org/10.1007/978-3-031-36574-4_26

Abstract

In digital forensics, sources of digital evidence range from computer disk drives, memories, mobile phones, and network dumps to all kinds of IoT devices. Therefore, different tools are required for digital evidence collection and analysis from various sources. Even though each tool works automatically, data passed from one tool to another often needs to be prepared manually. This paper introduces a NiFi-based solution that enables automatically moving data between digital forensic tools, reducing manual work in practice. A DataFlow designed in NiFi can monitor and fetch the input data, pre-process the data, and run digital forensic tools for data analytics. Besides, NiFi can also be used for remote evidence acquisition and data sharing between law enforcement agencies (LEAs). This paper also presents a couple of use cases of using NiFi for digital evidence processing: 1) file carving, 2) NSRL (National Software Reference Library) hash lookup, 3) categorising files by MIME type, and 4) IoT logs parsing.

Item Type: Book Chapter or Section
UN SDGs: Goal 9: Industry, Innovation and Infrastructure
Divisions: Bath School of Design
Date Deposited: 20 Mar 2025 15:41
Last Modified: 20 Mar 2025 15:41
URI / Page ID: https://researchspace.bathspa.ac.uk/id/eprint/16852