Schema Reconstruction in Database Forensics

  • Oluwasola Mary Adedayo
  • Martin Olivier
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 433)


Although considerable research has been conducted in the area of data- base forensics over the past few years, several aspects of database forensics remain to be considered. One of the challenges facing database forensics is that the results of forensic analysis may be inconsistent with the raw data contained in a database because of changes made to the metadata. This paper describes the various types of changes that can be made to a database schema by an attacker and shows how metadata changes can affect query results. Techniques for reconstructing the original database schema are also described.


Database forensics database reconstruction inverse relational algebra 


  1. 1.
    O. Adedayo and M. Olivier, On the completeness of reconstructed data for database forensics, Proceedings of the Fourth International Conference on Digital Forensics and Cyber Crime, pp. 220–238, 2013.CrossRefGoogle Scholar
  2. 2.
    H. Beyers, M. Olivier and G. Hancke, Assembling metadata for database forensics, in Advances in Digital Forensics VII, G. Peterson and S. Shenoi (Eds.), Springer, Heidelberg, Germany, pp. 89–99, 2011.CrossRefGoogle Scholar
  3. 3.
    E. Codd, The Relational Model for Database Management, Version 2, Addison-Wesley, Reading, Massachusetts, 1990.zbMATHGoogle Scholar
  4. 4.
    R. Elmasri and S. Navathe, Fundamentals of Database Systems, Addison-Wesley, Boston, Massachusetts, 2011.Google Scholar
  5. 5.
    O. Fasan and M. Olivier, Correctness proof for database reconstruction algorithm, Digital Investigation, vol. 9(2), pp. 138–150, 2012.CrossRefGoogle Scholar
  6. 6.
    O. Fasan and M. Olivier, On dimensions of reconstruction in database forensics, Proceedings of the Seventh International Workshop on Digital Forensics and Incident Analysis, pp. 97–106, 2012.Google Scholar
  7. 7.
    O. Fasan and M. Olivier, Reconstruction in database forensics, in Advances in Digital Forensics VIII, G. Peterson and S. Shenoi (Eds.), Springer, Heidelberg, Germany, pp. 273–287, 2012.CrossRefGoogle Scholar
  8. 8.
    K. Fowler, SQL Server Forensic Analysis, Addison-Wesley, Boston, Massachusetts, 2009.Google Scholar
  9. 9.
    P. Fruhwirt, M. Huber, M. Mulazzani and E. Weippl, InnoDB database forensics, Proceedings of the Twenty-Fourth IEEE International Conference on Advanced Information Networking and Applications, pp. 1028–1036, 2010.Google Scholar
  10. 10.
    P. Fruhwirt, P. Kieseberg, S. Schrittwieser, M. Huber and E. Weippl, InnoDB database forensics: Reconstructing data manipulation queries from redo logs, Proceedings of the Seventh International Conference on Availability, Reliability and Security, pp. 625–633, 2012.Google Scholar
  11. 11.
    S. Garfinkel, Digital forensics research: The next 10 years, Digital Investigation, vol. 7(S), pp. S64–S73, 2010.CrossRefGoogle Scholar
  12. 12.
    D. Litchfield, Oracle Forensics, Parts 1–6, NGSSoftware Insight Security Research Publication, Next Generation Security Software, Manchester, United Kingdom, 2007–2008.Google Scholar
  13. 13.
    S. Nebiker and S. Bleisch, Introduction to Database Systems, Geographic Information Technology Training Alliance, Zurich, Switzerland, 2010.Google Scholar
  14. 14.
    M. Olivier, On metadata context in database forensics, Digital Investigation, vol. 5(3-4), pp. 115–123, 2009.CrossRefGoogle Scholar
  15. 15.
    G. Palmer, A Road Map for Digital Forensic Research, Report from the First Digital Forensic Research Workshop, DFRWS Technical Report, DTR-T001-01 Final, Utica, New York, 2001.Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2014

Authors and Affiliations

  • Oluwasola Mary Adedayo
    • 1
  • Martin Olivier
    • 1
  1. 1.University of PretoriaPretoriaSouth Africa

Personalised recommendations