CIO

Big data for IT forensics

Besides using traditional eDiscovery tools, IT forensic experts are turning towards big data for a comprehensive approach to speed up analysis.
  • Sheila Lam
  • 06 August, 2013 18:28

One of the earlier business applications to analyze massive volumes of data from a variety of sources is IT forensics. Besides using traditional eDiscovery tools to handle unstructured data and separate analytical tools to analyze transactional data, IT forensic experts are turning towards big data for a comprehensive approach to speed up analysis.

"Historically, when you look at forensic technologies, you look at two work streams [unstructured and structured data analysis]," said Torsten Duwenhorst, partner, forensic technology and discovery services at Ernst & Young (E&Y). "What we've seen in the past few years is a combination of both in a more holistic approach."

Classic forensic analysis requires the review, correlation and analysis of multiple data sources that are usually not integrated. But with the development of big data technology, Duwenhorst said more tools that were traditionally used only to analyze structured data are now being used to process unstructured data as well.

The Hong Kong-based forensic expert noted that such a holistic approach to data analysis is also taking IT forensic investigation projects to new heights. By building a customized IT forensic risk analysis model for a client--a financial firm in Asia--E&Y was able to help the firm identify potential fraud and inefficiency.

"They realized a few financial products were used mainly by some individuals to defraud the company," he said. Given the products' minimal contribution to business revenue, the financial firm decided to discontinue them to improve its overall business performance. "The fraud investigation project for a specific country is also now leading to a business performance improvement initiative across the region," Duwenhorst said.
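The article describes the holistic approach only in outline: structured transaction records and unstructured text are correlated, and the result surfaces products used mainly by a few individuals. The following Python sketch is an added illustration of that idea, not E&Y's risk model or any client's data. It assumes a constructed transaction table (transaction id, user, product, amount), constructed free-text memos that reference transaction ids, and a hypothetical list of risk terms; it joins the two sources on the transaction id, measures how concentrated each product's volume is in a single user, and ranks products that merit a reviewer's attention.

```python
"""Toy 'holistic' forensic correlation: structured transactions joined with
unstructured memos. All data below is constructed for illustration only."""
import re
from collections import Counter, defaultdict

# Constructed structured data: (transaction id, user, product, amount).
TRANSACTIONS = [
    ("T1", "alice", "FX-SWAP", 12000.0),
    ("T2", "alice", "FX-SWAP", 15000.0),
    ("T3", "bob", "FX-SWAP", 500.0),
    ("T4", "carol", "SAVINGS", 300.0),
    ("T5", "dave", "SAVINGS", 250.0),
    ("T6", "erin", "SAVINGS", 275.0),
    ("T7", "alice", "STRUCT-NOTE", 9000.0),
    ("T8", "bob", "STRUCT-NOTE", 8500.0),
]

# Constructed unstructured data: (memo id, free text mentioning transaction ids).
MEMOS = [
    ("M1", "Approved T1 and T2 manually, override of limit check per alice's request"),
    ("M2", "Routine savings deposit T4"),
    ("M3", "T7 booked after hours; override approved by same desk"),
    ("M4", "Customer complaint re T3, standard pricing"),
]

# Hypothetical risk vocabulary; a real review would use a curated, tuned list.
RISK_TERMS = ("override", "manual", "after hours")
TXN_REF = re.compile(r"\bT\d+\b")


def index_memos(memos, risk_terms):
    """Map each transaction id mentioned in a memo to the risk terms that memo
    contains. Memos with no risk term contribute nothing. Matching is plain
    case-insensitive substring search, so it cannot see negation."""
    flagged = defaultdict(set)
    for _memo_id, text in memos:
        lowered = text.lower()
        hits = {term for term in risk_terms if term in lowered}
        if not hits:
            continue
        for txn_id in TXN_REF.findall(text):
            flagged[txn_id] |= hits
    return dict(flagged)


def user_concentration(transactions):
    """Per product: (share of total amount booked by the single largest user,
    number of distinct users). A share near 1.0 means one person dominates."""
    by_product = defaultdict(Counter)
    for _txn, user, product, amount in transactions:
        by_product[product][user] += amount
    result = {}
    for product, per_user in by_product.items():
        total = sum(per_user.values())
        top_share = max(per_user.values()) / total if total else 0.0
        result[product] = (top_share, len(per_user))
    return result


def flagged_share(transactions, flagged):
    """Per product: fraction of total amount sitting in memo-flagged transactions."""
    totals, flagged_totals = Counter(), Counter()
    for txn, _user, product, amount in transactions:
        totals[product] += amount
        if txn in flagged:
            flagged_totals[product] += amount
    return {p: (flagged_totals[p] / totals[p] if totals[p] else 0.0) for p in totals}


def review_candidates(transactions, memos, risk_terms, share_threshold=0.8):
    """Products worth a reviewer's attention: dominated by one user, or carrying
    any memo-flagged volume. Sorted with the most concentrated product first."""
    flagged = index_memos(memos, risk_terms)
    conc = user_concentration(transactions)
    fshare = flagged_share(transactions, flagged)
    out = []
    for product, (top_share, n_users) in conc.items():
        if top_share >= share_threshold or fshare[product] > 0:
            out.append({
                "product": product,
                "top_user_share": round(top_share, 3),
                "users": n_users,
                "flagged_share": round(fshare[product], 3),
            })
    out.sort(key=lambda row: row["top_user_share"], reverse=True)
    return out


if __name__ == "__main__":
    for row in review_candidates(TRANSACTIONS, MEMOS, RISK_TERMS):
        print(row)
```

On the constructed data, FX-SWAP ranks first (one user books about 98% of its volume and those bookings carry override memos), STRUCT-NOTE is included only because a memo flags part of it, and SAVINGS drops out. The join key here is the transaction id; the point of the "holistic" tooling the article describes is that the same correlation runs across far larger volumes and messier text than this in-memory version can handle.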

Instant response

"Moving forward, the challenge [of IT forensics] will be going through the sheer volume of data," he added.

With increasing volumes and variety of data, Duwenhorst said the traditional data analytics platform is approaching its limit. Big data technologies like Hadoop, an open-source software framework that supports data-intensive distributed applications, are expected to improve performance. "The ceiling is coming down on us and we need to look at more data faster," he said.

To help forensic analysts review the massive volume of data, Duwenhorst said the firm plans to extend its Hadoop implementation from the US into greater China. He added that the Hadoop platform in greater China is also expected to help analyze data that is hosted in China and legally required to remain resident there.

"With the sheer amount of data, the ability to efficiently process and search data in a reasonable time and cost-effective manner isn't possible without Hadoop," Duwenhorst concluded.