Revision as of 09:49, 18 February 2024 edit Sauer202 (talk \| contribs) Extended confirmed users 21,373 edits No edit summary Tag: Disambiguation links added ← Previous edit		Revision as of 09:49, 18 February 2024 edit undo Sauer202 (talk \| contribs) Extended confirmed users 21,373 edits No edit summary Next edit →
Line 3: '''Database forensics''' is a branch of [[digital forensics\|digital forensic science]] relating to the forensic study of [[databases]] and their related [[metadata]].<ref>{{cite journal\|last=Olivier\|first=Martin S.\|title=On metadata context in Database Forensics\|doi=10.1016/j.diin.2008.10.001\|date=March 2009\|volume=5\|issue=3–4\|journal=Digital Investigation\|pages=115–123\|citeseerx=10.1.1.566.7390}}</ref> The discipline is similar to [[computer forensics]], following the normal forensic process and applying investigative techniques to database contents and metadata. Cached information may also exist in a [[~~server~~Server (computing)\|servers]]s [[RAM]] requiring [[Digital forensics#live analysis\|live analysis]] techniques. A forensic examination of a database may relate to the timestamps that apply to the update time of a row in a relational table being inspected and tested for validity in order to verify the actions of a database user. Alternatively, a forensic examination may focus on identifying transactions within a database system or application that indicate evidence of wrongdoing, such as fraud.

Database forensics: Difference between revisions