Digital Evidence for Database Tamper Detection

Abstract

Most secure database is the one you know the most. Tamper detection compares the past and present status of the system and produces digital evidence for forensic analysis. Our focus is on different methods or identification of different locations in an oracle database for collecting the digital evidence for database tamper detection. Starting with the basics of oracle architecture, continuing with the basic steps of forensic analysis the paper elaborates the extraction of suspicious locations in oracle. As a forensic examiner, collecting digital evidence in a database is a key factor. Planned and a modelled way of examination will lead to a valid detection. Based on the literature survey conducted on different aspects of collecting digital evidence for database tamper detection, the paper proposes a block diagram which may guide a database forensic examiner to obtain the evidences.

Share and Cite:

S. Tripathi and B. Baburao Meshram, "Digital Evidence for Database Tamper Detection," Journal of Information Security, Vol. 3 No. 2, 2012, pp. 113-121. doi: 10.4236/jis.2012.32014.

Conflicts of Interest

The authors declare no conflicts of interest.

References

[1] K. Loney and B. Bryla, “Oracle Database 10g DBA Handbook,” McGraw-Hill, New York, 2005.
[2] D. Litchfield, “Book on ‘Oracle Forensics’,” Wiley, Hoboken, 2008.
[3] O. L. Carroll, S. K. Brannon and T. Song, “Computer Forensics: Digital Forensic Analysis Methodology,” Computer, Vol. 56, 2008, pp. 1-8.
[4] N. Aaron, “Oracle Database Security,” ICTN 4040, Spring, 2006. doi:10.1.1.94.4146
[5] J. Azemovic and D. Music, “Efficient Model for Detection Data and Data Scheme Tempering with Purpose of Valid Forensic Analysis,” Proceedings of the 2009 International Conference on Computer Engineering and Applications, Manila, 6-8 June 2009.
[6] G. Miklau1 and D. Suciu, “Implementing a Tamper-Evident Database System,” University of Massachusetts & University of Washington, Amherst & Washington DC, 2005.
[7] J. Zhang, A. Chapman and K. LeFevre, “Do You KnowWhere Your Data’s Been?—Tamper-Evident Database Provenance,” Proceedings of the 6th VLDB Workshop on Secure Data Management, Lyon, 28 August 2009. doi:10.1007/978-3-642-04219-5_2
[8] D. C. Lee, J. M. Choi and S. J. Lee, “Database Forensic Investigation Based on Table Relationship Analysis Techniques,” Proceedings of the 2nd International Conference on Computer Science and Its Applications of the IEEE SCA, Jeju, 10-12 December 2009, pp. 1-5. doi:10.1109/CSA2009.5404235
[9] M. J. Malmgren, “An Infrastructure for Database Tamper Detection and Forensic Analysis,” Bachelor’s Thesis, University of Arizona, Tucson, 2007.
[10] R. T. Snodgrass, S. S. Yao and C. Collberg, “Tamper Detection in Audit Logs,” Proceedings of the 30th International Conference on Very Large Data Bases, Toronto, 31 August-3 September 2004.
[11] “Oracle Forensics In a Nutshell 25/03/2007,” 2007.
[12] P. Finnigan, “Oracle Forensics,” OUG Scotland, DBA SIG, 30 April 2008.
[13] P. M. Wright, “Oracle Database Forensics Using LogMiner Option 3—Perform Forensic Tool Validation,” Proceedings of the GCFA Assignment—GSEC, GCFW, and GCIH, London, 10 January 2005.
[14] D. Litchfield, “Oracle Forensics Part 1: Dissecting the Redo Logs,” NGSSoftware Insight Security Research (NISR), Next Generation Security Software Ltd., Sutton, 2007.
[15] D. Litchfield, “Oracle Forensics Part 2: Locating Dropped Objects,” NGSSoftware Insight Security Research (NISR), Next Generation Security Software Ltd., Sutton, 2007.
[16] D. Litchfield, “Oracle Forensics Part 3: Isolating Evidence of Attacks against the Authentication Mechanism,” NGSSoftware Insight Security Research (NISR), Next Generation Security Software Ltd., Sutton, 2007.
[17] D. Litchfield, “Oracle Forensics Part 4: Live Response,” NGSSoftware Insight Security Research (NISR), Next Generation Security Software Ltd., Sutton, 2007.
[18] D. Litchfield, “Oracle Forensics Part 5: Finding Evidence of Data Theft in the Absence of Auditing,” NGSSoftware Insight Security Research (NISR), Next Generation Security Software Ltd., Sutton, 2007.
[19] D. Litchfield “Oracle Forensics Part 6: Examining Undo Segments, Flashback and the Oracle Recycle Bin,” NGSSoftware Insight Security Research (NISR), Next Generation Security Software Ltd., Sutton, 2007.
[20] D. Litchfield, “Oracle Forensics Part 7: Using the Oracle System Change Number in Forensic Investigations,” NGSSoftware Insight Security Research (NISR), Next Generation Security Software Ltd., Sutton, 2008.

Copyright © 2024 by authors and Scientific Research Publishing Inc.

Creative Commons License

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.