Encyclopedia of Database Systems

2018 Edition
| Editors: Ling Liu, M. Tamer Özsu

Auditing and Forensic Analysis

  • Brian LevineEmail author
  • Gerome Miklau
Reference work entry
DOI: https://doi.org/10.1007/978-1-4614-8265-9_30


Accountability; Monitoring


The goal of database auditing is to retain a secure record of database operations that can be used to verify compliance with desired security policies, to trace policy violations, or to detect anomalous patterns of access. An audit log can contain the authorization ID and time stamp of read and write operations in the database, as well as a record of server connections, login attempts and authorization changes. Government and institutional regulations for the management of sensitive information often require auditing of data disclosure and data modification.

Database forensicsis the analysis of the state of a database system to validate hypotheses about past events that are relevant to an alleged crime or violation of policy. Evidence supporting a forensic analysis may be found in an audit log (if available) but may also be recovered from any other component of a database system including table storage, the transaction log, temporary...

This is a preview of subscription content, log in to check access.

Recommended Reading

  1. 1.
    Adam NR, Wortmann JC. Security-control methods for statistical databases: a comparative study. ACM Comput Surv. 1989;21(4):515–56.CrossRefGoogle Scholar
  2. 2.
    Agrawal R, Bayardo RJ, Faloutsos C, Kiernan J, Rantzau R, Srikant R. Auditing compliance with a hippocratic database. In: Proceedings of the 30th International Conference on Very Large Data Bases; 2004. p. 516–27.CrossRefGoogle Scholar
  3. 3.
    Ammann P, Jajodia S, Liu P. Recovery from malicious transactions. IEEE Trans Knowl Data Eng. 2002;14(5):1167–85.CrossRefGoogle Scholar
  4. 4.
    Castano S, Fugini MG, Martella G, Samarati P. Database security. New York: ACM/Addison-Wesley; 1994.zbMATHGoogle Scholar
  5. 5.
    Jensen CS, Mark L, Roussopoulos N. Incremental implementation model for relational databases with transaction time. IEEE Trans Knowl Data Eng. 1991;3(4):461–73.CrossRefGoogle Scholar
  6. 6.
    Lomet D, Vagena Z, Barga R. Recovery from “bad” user transactions. In: Proceedings of the ACM SIGMOD International Conference on Management of Data; 2006. p. 337–46.Google Scholar
  7. 7.
    Snodgrass RT, Collberg CS. The τ-BerkeleyDB temporal subsystem. Available at www.cs.arizona.edu/tau/tbdb/
  8. 8.
    Snodgrass RT, Collberg CS. The τ-MySQL transaction time support. Available at www.cs.arizona.edu/tau/tmysql
  9. 9.
    Stahlberg P, Miklau G, Levine B. Threats to privacy in the forensic analysis of database systems. In: Proceedings of the ACM SIGMOD International Conference on Management of Data; 2007. p. 91–102.Google Scholar
  10. 10.
    Waters B, Balfanz D, Durfee G, Smetters D. Building an encrypted and searchable audit log. In: Proceedings of the Network and Distributed System Security Symposium; 2004. p. 91–102.Google Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  1. 1.University of MassachusettsAmherstUSA

Section editors and affiliations

  • Elena Ferrari
    • 1
  1. 1.DiSTAUniv. of InsubriaVareseItaly