Auditing and Forensic Analysis
The goal of database auditing is to retain a secure record of database operations that can be used to verify compliance with desired security policies, to trace policy violations, or to detect anomalous patterns of access. An audit log can contain the authorization ID and time stamp of read and write operations in the database, as well as a record of server connections, login attempts and authorization changes. Government and institutional regulations for the management of sensitive information often require auditing of data disclosure and data modification.
Database forensicsis the analysis of the state of a database system to validate hypotheses about past events that are relevant to an alleged crime or violation of policy. Evidence supporting a forensic analysis may be found in an audit log (if available) but may also be recovered from any other component of a database system including table storage, the transaction log, temporary...
KeywordsForensic Analysis Digital Evidence Digital Forensic Audit Analysis Table Storage
- 2.Agrawal R, Bayardo RJ, Faloutsos C, Kiernan J, Rantzau R, Srikant R. Auditing compliance with a hippocratic database. In: Proceedings of 30th International Conference on Very Large Data Bases; 2004. p. 516–27.Google Scholar
- 6.Lomet D, Vagena Z, Barga R. Recovery from “bad” user transactions. In: Proceedings of ACM SIGMOD International Conference on Management of Data; 2006. p. 337–46.Google Scholar
- 7.Snodgrass RT, Collberg CS. The τ-BerkeleyDB temporal subsystem. Available at www.cs.arizona.edu/tau/tbdb/
- 8.Snodgrass RT, Collberg CS. The τ-MySQL transaction time support. Available at www.cs.arizona.edu/tau/tmysql
- 9.Stahlberg P, Miklau G, Levine B. Threats to privacy in the forensic analysis of database systems. In: Proceedingsof ACM SIGMOD International Conference on Management of Data; 2007. p. 91–102.Google Scholar
- 10.Waters B, Balfanz D, Durfee G, Smetters D. Building an encrypted and searchable audit log. In: Proceedings of Network and Distributed System Security Symposium; 2004. p. 91–102.Google Scholar