Research Article | OPEN ACCESS
Conceptual Investigation Process Model for Managing Database Forensic Investigation Knowledge
Aarafat Aldhaqm, Shukor Abd Razak, Siti Hajar Othman, Abdulalem Ali and Asri Ngadi
Department of Computer Science, Faculty of Computing, Universiti Teknologi Malaysia, Johor, Malaysia
Research Journal of Applied Sciences, Engineering and Technology 2016 4:386-394
Received: February 6, 2015 | Accepted: March 12, 2015 | Published: February 25, 2016
Abstract
The Database Forensic Investigation (DBFI) discipline is used to identify, collect, preserve, analyze, reconstruct and document database crimes. DBFI knowledge is scattered and has never had a clear structure for managing it. This study surveys the DBFI process models, algorithms, methods, artifacts and tools offered to date. The functionality of many DBFI analysis algorithms and of several DBFI artifacts available to forensic investigators is discussed, and the challenges and open issues of DBFI are highlighted. The significance of this study is that it presents a conceptual investigation process model and an overview of DBFI knowledge covering algorithms, process models, methods and forensic artifacts, which will be very useful for DBFI users, practitioners and researchers exploring this young and emerging discipline.
Keywords:
Database forensic, DBMS, forensic artifacts, nonvolatile artifacts, process model, volatile artifacts
Competing interests
The authors have no competing interests.
Open Access Policy
This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.
ISSN (Online): 2040-7467
ISSN (Print): 2040-7459