Schema Reconstruction in Database Forensics
Although considerable research has been conducted in the area of data- base forensics over the past few years, several aspects of database forensics remain to be considered. One of the challenges facing database forensics is that the results of forensic analysis may be inconsistent with the raw data contained in a database because of changes made to the metadata. This paper describes the various types of changes that can be made to a database schema by an attacker and shows how metadata changes can affect query results. Techniques for reconstructing the original database schema are also described.
KeywordsDatabase forensics database reconstruction inverse relational algebra
Unable to display preview. Download preview PDF.
- 4.R. Elmasri and S. Navathe, Fundamentals of Database Systems, Addison-Wesley, Boston, Massachusetts, 2011.Google Scholar
- 6.O. Fasan and M. Olivier, On dimensions of reconstruction in database forensics, Proceedings of the Seventh International Workshop on Digital Forensics and Incident Analysis, pp. 97–106, 2012.Google Scholar
- 8.K. Fowler, SQL Server Forensic Analysis, Addison-Wesley, Boston, Massachusetts, 2009.Google Scholar
- 9.P. Fruhwirt, M. Huber, M. Mulazzani and E. Weippl, InnoDB database forensics, Proceedings of the Twenty-Fourth IEEE International Conference on Advanced Information Networking and Applications, pp. 1028–1036, 2010.Google Scholar
- 10.P. Fruhwirt, P. Kieseberg, S. Schrittwieser, M. Huber and E. Weippl, InnoDB database forensics: Reconstructing data manipulation queries from redo logs, Proceedings of the Seventh International Conference on Availability, Reliability and Security, pp. 625–633, 2012.Google Scholar
- 12.D. Litchfield, Oracle Forensics, Parts 1–6, NGSSoftware Insight Security Research Publication, Next Generation Security Software, Manchester, United Kingdom, 2007–2008.Google Scholar
- 13.S. Nebiker and S. Bleisch, Introduction to Database Systems, Geographic Information Technology Training Alliance, Zurich, Switzerland, 2010.Google Scholar
- 15.G. Palmer, A Road Map for Digital Forensic Research, Report from the First Digital Forensic Research Workshop, DFRWS Technical Report, DTR-T001-01 Final, Utica, New York, 2001.Google Scholar