Content deleted Content added
m Adding category Category:Digital forensics (using HotCat) |
Autoerrant (talk | contribs) general page cleanup, typos fixed: to to → to using AWB |
||
Line 7:
A forensic examination of a database may relate to the timestamps that apply to the update time of a row in a relational table being inspected and tested for validity in order to verify the actions of a database user. Alternatively, a forensic examination may focus on identifying transactions within a database system or application that indicate evidence of wrong doing, such as fraud.
Software tools such as ACL, Idea and Arbutus (which provide a read-only environment) can be used
Currently many database software tools are in general not reliable and precise enough to be used for forensic work as demonstrated in the first paper published on database forensics.<ref>[http://www.giac.org/certified_professionals/practicals/gcfa/0159.php Oracle Database Forensics using LogMiner - GIAC Certified Student Practical<!-- Bot generated title -->]</ref>
There is currently a single book published in this field,<ref>
Additionally there is a subsequent SQL Server forensics book by Kevvie Fowler named SQL Server Forensics which is well regarded also.
The forensic study of relational databases requires a knowledge of the standard used to encode data on the computer disk. A documentation of standards used to encode information in well known brands of DB such as SQL Server and Oracle has been contributed to the public ___domain.<ref>[http://www.sans.org/reading_room/whitepapers/forensics/1906.php SANS Institute - Forensic Analysis of a SQL Server 2005 Database Server<!-- Bot generated title -->]</ref><ref>[http://www.databasesecurity.com/oracle-forensics.htm Oracle Forensics and Incident Response - databasesecurity.com<!-- Bot generated title -->]</ref>
Line 27:
{{Digital forensics}}
[[Category:Databases]]
[[Category:Digital forensics]]
| |||