A Framework for Database Forensic Analysis
Harmeet Kaur Khanuja
- 30 Jun 2012
Vol. 2, Iss: 3, pp 27-41
TL;DR: A framework is proposed for analyzing and reconstructing the activity of any unsuspicious behaviour within a database, in order to identify, collect, analyze, validate, interpret, generate a forensic report and preserve the evidence for digital investigations.
Abstract: Information security policy demands auditing of high-performance databases to ensure data integrity and to detect database tampering, if any. Relational databases use auditing capabilities, which involve examination of information and operations for accuracy, legality and propriety to report risks and to make recommendations to promote sound operating practices. Database auditing is a process to be carried out on a continuous basis. It records and analyzes the database activity for reporting over some period. But the database can be tampered with deliberately or accidentally by authorized or unauthorized users at any instant, bypassing the auditing system too. The suspected behaviour with invalid access to the database must be inspected and analyzed further with database forensics. In this research paper a framework is proposed for analyzing and reconstructing the activity of any unsuspicious behaviour within a database. The purpose is to identify, collect, analyze, validate, interpret, generate a forensic report and preserve the evidence for digital investigations. As a proof of concept, MySQL database 5.5 is studied and analyzed for this proposed framework.
Citations
CDBFIP: Common Database Forensic Investigation Processes for Internet of Things
Arafat Al-Dhaqm, Shukor Abd Razak, Siti Hajar Othman, Kim-Kwang Raymond Choo, William Bradley Glisson, Abdulalem Ali, Mohammad Abrar
TL;DR: This paper proposes common database forensic investigation processes using a design science research approach that allows the reconciliation of the concepts and terminologies of all common database forensic investigation processes and facilitates the sharing of knowledge on database forensic investigation among domain newcomers, users, and practitioners.
Categorization and Organization of Database Forensic Investigation Processes
Arafat Al-Dhaqm, Shukor Abd Razak, David A. Dampier, Kim-Kwang Raymond Choo, Kamran Siddique, Richard Adeyemi Ikuesan, Abdulhadi Alqarni, Victor R. Kebande
TL;DR: This paper builds on the existing literature to present a harmonized DBFI process using design science research methodology, designed to avoid confusion or ambiguity, as well as providing practitioners with a systematic method of performing DBFI with a higher degree of certainty.
Development and validation of a Database Forensic Metamodel (DBFM).
Arafat Al-Dhaqm, Shukor Abd Razak, Siti Hajar Othman, Asri Ngadi, Mohammed Nazir Ahmed, Abdulalem Ali Mohammed
TL;DR: This work has analysed 60 models of DBF in an attempt to uncover how numerous DBF activities are really public even when the actions vary, and generates a unified abstract view of DBF in the form of a metamodel.
Towards the Development of an Integrated Incident Response Model for Database Forensic Investigation Field
TL;DR: This paper has proposed suitable steps for constructing an Integrated Incident Response Model (IIRM) that can be relied upon in the database forensic investigation field.
Digital Forensics Subdomains: The State of the Art and Future Directions
Arafat Al-Dhaqm, Richard Adeyemi Ikuesan, Victor R. Kebande, Shukor Abd Razak, George Grispos, Kim-Kwang Raymond Choo, Bander Ali Saleh Al-rimy, AbdulRahman A. Alsewari
TL;DR: In this article, the authors proposed a high-level abstract metamodel, which combines the common investigation processes, activities, techniques, and tasks for digital forensics subdomains.
References
On metadata context in Database Forensics
TL;DR: It is found that databases are inherently multidimensional from a forensic perspective and a notation is introduced to express the meaning of various possible forensic queries within this multidimensional context.
Forensic analysis of database tampering
Kyriacos E. Pavlou, Richard T. Snodgrass
- 27 Jun 2006
TL;DR: This paper addresses the next problem, that of determining who, when, and what, by providing a systematic means of performing forensic analysis after such tampering has been uncovered by introducing a schematic representation termed a "corruption diagram" that aids in intrusion investigation.
InnoDB Database Forensics
Peter Frühwirt, Marcus Huber, Martin Mulazzani, Edgar Weippl
- 20 Apr 2010
TL;DR: This paper will describe the file format of the MySQL Database 5.1.32 with InnoDB Storage Engine, and explain with a practical example of how to reconstruct the data found in the file system of any SQL table.
Log File Analysis
Jan Valdman
- 01 Jan 2001
TL;DR: The paper provides an overview of the current state of technology in the field of log file analysis and stands for basics of ongoing PhD thesis.