Abstract
Although considerable research has been conducted in the area of data- base forensics over the past few years, several aspects of database forensics remain to be considered. One of the challenges facing database forensics is that the results of forensic analysis may be inconsistent with the raw data contained in a database because of changes made to the metadata. This paper describes the various types of changes that can be made to a database schema by an attacker and shows how metadata changes can affect query results. Techniques for reconstructing the original database schema are also described.
Chapter PDF
Similar content being viewed by others
References
O. Adedayo and M. Olivier, On the completeness of reconstructed data for database forensics, Proceedings of the Fourth International Conference on Digital Forensics and Cyber Crime, pp. 220–238, 2013.
H. Beyers, M. Olivier and G. Hancke, Assembling metadata for database forensics, in Advances in Digital Forensics VII, G. Peterson and S. Shenoi (Eds.), Springer, Heidelberg, Germany, pp. 89–99, 2011.
E. Codd, The Relational Model for Database Management, Version 2, Addison-Wesley, Reading, Massachusetts, 1990.
R. Elmasri and S. Navathe, Fundamentals of Database Systems, Addison-Wesley, Boston, Massachusetts, 2011.
O. Fasan and M. Olivier, Correctness proof for database reconstruction algorithm, Digital Investigation, vol. 9(2), pp. 138–150, 2012.
O. Fasan and M. Olivier, On dimensions of reconstruction in database forensics, Proceedings of the Seventh International Workshop on Digital Forensics and Incident Analysis, pp. 97–106, 2012.
O. Fasan and M. Olivier, Reconstruction in database forensics, in Advances in Digital Forensics VIII, G. Peterson and S. Shenoi (Eds.), Springer, Heidelberg, Germany, pp. 273–287, 2012.
K. Fowler, SQL Server Forensic Analysis, Addison-Wesley, Boston, Massachusetts, 2009.
P. Fruhwirt, M. Huber, M. Mulazzani and E. Weippl, InnoDB database forensics, Proceedings of the Twenty-Fourth IEEE International Conference on Advanced Information Networking and Applications, pp. 1028–1036, 2010.
P. Fruhwirt, P. Kieseberg, S. Schrittwieser, M. Huber and E. Weippl, InnoDB database forensics: Reconstructing data manipulation queries from redo logs, Proceedings of the Seventh International Conference on Availability, Reliability and Security, pp. 625–633, 2012.
S. Garfinkel, Digital forensics research: The next 10 years, Digital Investigation, vol. 7(S), pp. S64–S73, 2010.
D. Litchfield, Oracle Forensics, Parts 1–6, NGSSoftware Insight Security Research Publication, Next Generation Security Software, Manchester, United Kingdom, 2007–2008.
S. Nebiker and S. Bleisch, Introduction to Database Systems, Geographic Information Technology Training Alliance, Zurich, Switzerland, 2010.
M. Olivier, On metadata context in database forensics, Digital Investigation, vol. 5(3-4), pp. 115–123, 2009.
G. Palmer, A Road Map for Digital Forensic Research, Report from the First Digital Forensic Research Workshop, DFRWS Technical Report, DTR-T001-01 Final, Utica, New York, 2001.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 IFIP International Federation for Information Processing
About this paper
Cite this paper
Adedayo, O.M., Olivier, M. (2014). Schema Reconstruction in Database Forensics. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics X. DigitalForensics 2014. IFIP Advances in Information and Communication Technology, vol 433. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44952-3_8
Download citation
DOI: https://doi.org/10.1007/978-3-662-44952-3_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-44951-6
Online ISBN: 978-3-662-44952-3
eBook Packages: Computer ScienceComputer Science (R0)