Database forensics: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 21:43, 24 May 2022 edit Dicklyon (talk \| contribs) Autopatrolled, Extended confirmed users, Rollbackers 486,013 edits m dash fix in bot generated titles (via WP:JWB) ← Previous edit		Latest revision as of 10:17, 18 February 2024 edit undo Sauer202 (talk \| contribs) Extended confirmed users 21,373 edits No edit summary
(8 intermediate revisions by 5 users not shown)
Line 1: {{more citations needed\|date=August 2010}} {{ForensicScience\|digital~~\|image=Hard disk.jpg~~}} '''Database forensics''' is a branch of [[digital forensics\|digital forensic science]] relating to the forensic study of [[databases]] and their related [[metadata]].<ref>{{cite journal\|last=Olivier\|first=Martin S.\|title=On metadata context in Database Forensics\|doi=10.1016/j.diin.2008.10.001\|date=March 2009\|volume=5\|issue=3–4\|journal=Digital Investigation\|pages=115–123\|citeseerx=10.1.1.566.7390}}</ref> The discipline is similar to [[computer forensics]], following the normal forensic process and applying investigative techniques to database contents and metadata. Cached information may also exist in a [[Server (computing)\|servers]] [[RAM]] requiring [[Digital forensics#live analysis\|live analysis]] techniques. A forensic examination of a database may relate to the timestamps that apply to the update time of a row in a relational table being inspected and tested for validity in order to verify the actions of a database user. Alternatively, a forensic examination may focus on identifying transactions within a database system or application that indicate evidence of wrongdoing, such as fraud. Software tools can be used to manipulate and analyse data. These tools also provide audit logging capabilities which provide documented proof of what tasks or analysis a forensic examiner performed on the database. ~~Currently~~As of 2008, many database software tools are in general not reliable and precise enough to be used for forensic work as demonstrated in the first paper published on database forensics.<ref>{{Cite web \|url=http://www.giac.org/certified_professionals/practicals/gcfa/0159.php \|title=Oracle Database Forensics using LogMiner - GIAC Certified Student Practical<!-- Bot generated title --> \|access-date=2006-04-08 \|archive-url=https://web.archive.org/web/20060428163551/http://www.giac.org/certified_professionals/practicals/gcfa/0159.php \|archive-date=2006-04-28 \|url-status=dead }}</ref> As of 2008, there was only a single book published in this field,<ref>Oracle Forensics {{ISBN\|0-9776715-2-6}} (May 2008)</ref> though more are destined.<ref>Oracle Forensics Using Quisix {{ISBN\|0-470-19118-X}} (Dec 2008)</ref> Additionally there is a subsequent ''SQL Server Forensics'' book by Kevvie Fowler which is also well regarded.<ref>SQL Server Forensics {{ISBN\|0-321-54436-6}} (Dec 2008)</ref> There is currently a single book published in this field,<ref>Oracle Forensics {{ISBN\|0-9776715-2-6}} (May 2008)</ref> though more are destined.<ref>Oracle Forensics Using Quisix {{ISBN\|0-470-19118-X}} (Dec 2008)</ref> ~~Additionally there is a subsequent SQL Server forensics book by Kevvie Fowler named SQL Server Forensics which is well regarded also.<ref>SQL Server Forensics {{ISBN\|0-321-54436-6}} (Dec 2008)</ref>~~ The forensic study of relational databases requires a knowledge of the standard used to encode data on the computer disk. A documentation of standards used to encode information in well-known brands of DB such as SQL Server and Oracle has been contributed to the public ___domain.<ref>[http://www.sans.org/reading_room/whitepapers/forensics/1906.php SANS Institute – Forensic Analysis of a SQL Server 2005 Database Server<!-- Bot generated title -->]</ref><ref>[http://www.databasesecurity.com/oracle-forensics.htm Oracle Forensics and Incident Response - databasesecurity.com<!-- Bot generated title -->] {{webarchive \|url=https://web.archive.org/web/20130908135737/http://www.databasesecurity.com/oracle-forensics.htm \|date=September 8, 2013 }}</ref> Others include Apex Analytix.<ref>{{cite news \|author1=Mick Normington \|title=Ready for take off \|url=http://www.bizjournals.com/triad/stories/2004/01/05/story3.html ~~{{Bare~~\|access-date=3 ~~URL~~December 2022 \|work=The Business Journal ~~inline~~\|date=~~November~~5 ~~2021~~January 2004 \|___location=Greensboro}}</ref> Because the forensic analysis of a database is not executed in isolation, the technological framework within which a subject database exists is crucial to understanding and resolving questions of data authenticity and integrity especially as it relates to database users. Line 19 ⟶ 17: ==Further reading== * Farmer and Venema, 1999, http://www.porcupine.org/forensics/forensic-discovery/appendixB.html * Sarbanes Oxley section 404 – enforce financial standards to limit chance of fraud. http://thecaq.aicpa.org/Resources/Sarbanes+Oxley/{{webarchive \|url=https://web.archive.org/web/20071013120741/http://thecaq.aicpa.org/Resources/Sarbanes+Oxley/ \|archivedate=13 October 2007}} * HIPAA – Health and Portability Act https://web.archive.org/web/20051219200504/http://www.cms.hhs.gov/hipaa/ * Fair Credit Reporting Act (FCRA) http://www.gao.gov/new.items/d06674.pdf