Database forensics: Difference between revisions

m ISBNs (Build KC)
m Typo fixing, typos fixed: wrong doing → wrongdoing using AWB (8097)
Line 5:
The discipline is similar to [[computer forensics]], following the normal forensic process and applying investigative techniques to database contents and metadata. Cached information may also exist in a servers [[RAM]] requiring [[Digital forensics#live analysis|live analysis]] techniques.
 
A forensic examination of a database may relate to the timestamps that apply to the update time of a row in a relational table being inspected and tested for validity in order to verify the actions of a database user. Alternatively, a forensic examination may focus on identifying transactions within a database system or application that indicate evidence of wrong doingwrongdoing, such as fraud.
 
Software tools such as ACL, Idea and Arbutus (which provide a read-only environment) can be used to manipulate and analyse data. These tools also provide audit logging capabilities which provide documented proof of what tasks or analysis a forensic examiner performed on the database.
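
Review bot: The first context paragraph still reads "a servers [[RAM]]", which needs the possessive "a server's [[RAM]]". Since this revision is a typo pass that only touches "wrong doing" in the second paragraph, the apostrophe should be fixed in the same edit. The opening sentence of the changed paragraph ("may relate to the timestamps that apply to the update time of a row in a relational table being inspected and tested for validity") is also hard to parse and would read better split in two: what is examined (row update timestamps) and why (to verify a database user's actions). In the last paragraph, "provide audit logging capabilities which provide documented proof" repeats "provide"; one of the two could be reworded.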