Assembling Metadata for Database Forensics

Abstract: Since information is often a primary target in a computer crime, organizations that store their information in database management systems (DBMSs) must develop a capability to perform database forensics. This paper describes a database forensic method that transforms a DBMS into the required state for a database forensic investigation. The method segments a DBMS into four abstract layers that separate the various levels of DBMS metadata and data. A forensic investigator can then analyze each layer for evidence of malicious activity. Tests performed on a compromised PostgreSQL DBMS demonstrate that the segmentation method provides a means for extracting the compromised DBMS components.
Document type: Conference papers

https://hal.inria.fr/hal-01569562
Contributor: Hal Ifip
Submitted on: Thursday, July 27, 2017 - 8:22:33 AM
Last modification on: Friday, December 1, 2017 - 1:16:43 AM

File

978-3-642-24212-0_7_Chapter.pd...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Hector Beyers, Martin Olivier, Gerhard Hancke. Assembling Metadata for Database Forensics. 7th Digital Forensics (DF), Jan 2011, Orlando, FL, United States. pp.89-99, ⟨10.1007/978-3-642-24212-0_7⟩. ⟨hal-01569562⟩
