Leveraging big data engineering techniques for automated evidence extraction and pattern recognition in cybercrime forensic analysis

Nsor, Michael and Bakare, Felix Adebayo (2025) Leveraging big data engineering techniques for automated evidence extraction and pattern recognition in cybercrime forensic analysis. World Journal of Advanced Research and Reviews, 27 (1). pp. 2532-2553. ISSN 2581-9615

The exponential growth of cybercrime, ranging from identity theft to ransomware and state-sponsored attacks, has overwhelmed traditional digital forensic methodologies. These conventional approaches often rely on manual inspection and isolated system logs, making them time-consuming, error-prone, and insufficient for tracking complex, multi-layered cyber threats. In this context, big data engineering emerges as a transformative enabler for scalable, automated, and intelligent cyber forensic analysis. This paper explores the integration of big data engineering techniques such as distributed data processing, real-time stream analytics, NoSQL-based evidence repositories, and parallelized machine learning algorithms for automating evidence extraction and uncovering hidden patterns in massive, heterogeneous datasets. A foundational framework is proposed, combining Hadoop and Spark ecosystems with forensic tools to manage and analyze unstructured, semi-structured, and structured digital evidence originating from diverse sources including logs, emails, file systems, and network packets. Through case-driven evaluation, we demonstrate how the system can detect behavioral anomalies, correlate time-sensitive events across systems, and extract digital artifacts with minimal human intervention. Particular focus is given to the scalability of the architecture, forensic integrity of the data pipeline, and legal admissibility of the outputs. The paper further discusses the challenges of maintaining chain-of-custody and privacy compliance in a high-throughput forensic environment. By bridging big data engineering and digital forensics, this study positions automated pattern recognition and evidence extraction as central to the next generation of cybercrime investigation tools. The resulting framework enhances operational efficiency, investigative depth, and the ability to respond to increasingly sophisticated cyber threats.