Encyclopedia of Database Systems

Living Edition
| Editors: Ling Liu, M. Tamer Özsu

Auditing and Forensic Analysis

  • Brian LevineEmail author
  • Gerome Miklau
Living reference work entry
DOI: https://doi.org/10.1007/978-1-4899-7993-3_30-2



The goal of database auditing is to retain a secure record of database operations that can be used to verify compliance with desired security policies, to trace policy violations, or to detect anomalous patterns of access. An audit log can contain the authorization ID and time stamp of read and write operations in the database, as well as a record of server connections, login attempts and authorization changes. Government and institutional regulations for the management of sensitive information often require auditing of data disclosure and data modification.

Database forensicsis the analysis of the state of a database system to validate hypotheses about past events that are relevant to an alleged crime or violation of policy. Evidence supporting a forensic analysis may be found in an audit log (if available) but may also be recovered from any other component of a database system including table storage, the transaction log, temporary...


Forensic Analysis Digital Evidence Digital Forensic Audit Analysis Table Storage 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
This is a preview of subscription content, log in to check access.

Recommended Reading

  1. 1.
    Adam NR, Wortmann JC. Security-control methods for statistical databases: a comparative study. ACM Comput Surv. 1989;21(4):515–56.CrossRefGoogle Scholar
  2. 2.
    Agrawal R, Bayardo RJ, Faloutsos C, Kiernan J, Rantzau R, Srikant R. Auditing compliance with a hippocratic database. In: Proceedings of 30th International Conference on Very Large Data Bases; 2004. p. 516–27.Google Scholar
  3. 3.
    Ammann P, Jajodia S, Liu P. Recovery from malicious transactions. IEEE Trans Knowl Data Eng. 2002;14(5):1167–85.CrossRefGoogle Scholar
  4. 4.
    Castano S, Fugini MG, Martella G, Samarati P. Database security. New York: ACM/Addison-Wesley; 1994.zbMATHGoogle Scholar
  5. 5.
    Jensen CS, Mark L, Roussopoulos N. Incremental implementation model for relational databases with transaction time. IEEE Trans Knowl Data Eng. 1991;3(4):461–73.CrossRefGoogle Scholar
  6. 6.
    Lomet D, Vagena Z, Barga R. Recovery from “bad” user transactions. In: Proceedings of ACM SIGMOD International Conference on Management of Data; 2006. p. 337–46.Google Scholar
  7. 7.
    Snodgrass RT, Collberg CS. The τ-BerkeleyDB temporal subsystem. Available at www.cs.arizona.edu/tau/tbdb/
  8. 8.
    Snodgrass RT, Collberg CS. The τ-MySQL transaction time support. Available at www.cs.arizona.edu/tau/tmysql
  9. 9.
    Stahlberg P, Miklau G, Levine B. Threats to privacy in the forensic analysis of database systems. In: Proceedingsof ACM SIGMOD International Conference on Management of Data; 2007. p. 91–102.Google Scholar
  10. 10.
    Waters B, Balfanz D, Durfee G, Smetters D. Building an encrypted and searchable audit log. In: Proceedings of Network and Distributed System Security Symposium; 2004. p. 91–102.Google Scholar

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  1. 1.University of MassachusettsAmherstUSA

Section editors and affiliations

  • Elena Ferrari
    • 1
  1. 1.DiSTAUniv. of InsubriaVareseItaly