Scalable performance for a forensic database application
by Mattijs Ugen
As digital forensic investigations deal with more and more data, the Netherlands Forensic Institute (NFI) foresees scalability issues with its current solution in the near future. Following the global trend towards distributed solutions for 'Big data' problems, the NFI wants to find a suitable architecture to replace the currently used XIRAF system. Using experimental implementations on top of a selection of distributed data stores, we present query performance timings in three different scaling dimensions: cluster size, working set size and the number of parallel clients. We show that scaling characteristics for parallel clients follow a linear trend, but prove hard to measure for the other dimensions. A distributed search engine architecture proves the best candidate for the NFI, warranting closer investigation in that area for a real-world deployment.