A GENERIC DATABASE FORENSIC INVESTIGATION PROCESS MODEL
DOI:
https://doi.org/10.11113/jt.v78.9190Keywords:
Database forensic, investigation process, digital forensicAbstract
Database Forensic investigation is a domain which deals with database contents and their metadata to reveal malicious activities on database systems. Even though it is still new, but due to the overwhelming challenges and issues in the domain, this makes database forensic become a fast growing and much sought after research area. Based on observations made, we found that database forensic suffers from having a common standard which could unify knowledge of the domain. Therefore, through this paper, we present the use of Design Science Research (DSR) as a research methodology to develop a Generic Database Forensic Investigation Process Model (DBFIPM). From the creation of DBFIPM, five common forensic investigation processes have been proposed namely, the i) identification, ii) collection, iii) preservation, iv) analysis and v) presentation process. From the DBFIPM, it allows the reconciliation of concepts and terminologies of all common databases forensic investigation processes. Thus, this will potentially facilitate the sharing of knowledge on database forensic investigation among domain stakeholders. Â
References
Bertino, E. and R. Sandhu. 2005. Database Security-Concepts, Approaches, And Challenges. Dependable and Secure Computing, IEEE Transactions on. 2(1): 2-19.
Olivier, M. S. 2009. On Metadata Context In Database Forensics. Digital Investigation. 5(3): 115-123.
Guimaraes, M. A., R. Austin and H. Said. 2010. Database Forensics. 2010 Information Security Curriculum Development Conference: ACM. 62-65.
Fasan, O. M. and M. Olivier. 2012. Reconstruction in Database Forensics. Advances in Digital Forensics VIII. Springer. 273-287;
Hauger, W. K. and M. S. Olivier. 2014. The Role Of Triggers In Database Forensics. Information Security for South Africa (ISSA), 2014: IEEE. 1-7.
Yusoff, Y., R. Ismail and Z. Hassan. 2011. Common Phases Of Computer Forensics Investigation Models. International Journal of Computer Science & Information Technology (IJCSIT). 3(3): 17-31.
Beyers, H., M. Olivier and G. Hancke. 2011. Assembling Metadata For Database Forensics. Advances in Digital Forensics VII. Springer. 89-99.
Khanuja, H. K. and D. Adane. 2013. Forensic Analysis of Databases by Combining Multiple Evidences. International Journal Of Computers & Technology. 7(3): 654-663.
Adedayo, O. M. and M. Olivier. 2014. Schema Reconstruction in Database Forensics. Advances in Digital Forensics X. Springer. 101-116.
Wong, D. and K. Edwards. 2004. System And Method For Investigating A Data Operation Performed On A Database. Google Patents.
Fowler, K. 2008. SQL Server Forenisc Analysis: Pearson Education.
Khanuja, H. K. and D. D. Adane. 2012. A Framework For Database Forensic Analysis. Published in Computer Science & Engineering: An International Journal (CSEIJ). 2(3).
Grobler, C., C. Louwrens and S. H. Von Solms. 2010. A Framework To Guide The Implementation Of Proactive Digital Forensics In Organisations. Availability, Reliability, and Security, 2010. ARES'10 International Conference on: IEEE. 677-682.
Wright, P. M. and D. Burleson. 2008. Oracle Forensics: Oracle Security Best Practices. Rampant Techpress.
Cohen, M., D. Bilby and G. Caronni. 2011. Distributed Forensics And Incident Response In The Enterprise. Digital Investigation. 8: S101-S110.
Flores, D., O. Angelopoulou and R. J. 2012. Self. Combining Digital Forensic Practices and Database Analysis as an Anti-Money Laundering Strategy for Financial Institutions. Emerging Intelligent Data and Web Technologies (EIDWT), 2012 Third International Conference on: IEEE. 218-224.
Pollitt, M. 1995. Computer Forensics: An Approach To Evidence In Cyberspace. Proceedings of the National Information Systems Security Conference. 487-491.
Kruse II, W. G. and J. G. Heiser. 2001. Computer Forensics: Incident Response Essentials: Pearson Education.
Palmer, G. 2001. A Road Map For Digital Forensic Research. First Digital Forensic Research Workshop, Utica, New York. 27-30.
Reith, M., C. Carr and G. Gunsch. 2002. An Examination Of Digital Forensic Models. International Journal of Digital Evidence. 1(3): 1-12.
Carrier, B. and E. H. Spafford. 2003. Getting Physical With The Digital Investigation Process. International Journal of digital evidence. 2(2): 1-20.
Baryamureeba, V. and F. Tushabe. 2004. The Enhanced Digital Investigation Process Model. Proceedings of the Fourth Digital Forensic Research Workshop: Citeseer. 1-9.
Ciardhuáin, S. Ó. 2004. An Extended Model Of Cybercrime Investigations. International Journal of Digital Evidence. 3(1): 1-22.
Carrier, B. and E. H. Spafford. 2004. An Event-Based Digital Forensic Investigation Framework. Digital Forensic Research Workshop. 11-13.
Köhn, M., M. S. Olivier and J. H. Eloff. 2006. Framework for a Digital Forensic Investigation. ISSA. 1-7.
Freiling, F. C. and B. Schwittay. 2007. A Common Process Model for Incident Response and Computer Forensics. IMF. 7: 19-40.
Perumal, S. 2009. Digital Forensic Model Based On Malaysian Investigation Process. International Journal of Computer Science and Network Security. 9(8): 38-44.
Kohn, M. D., M. M. Eloff and J. H. Eloff. 2013. Integrated Digital Forensic Process Model. Computers & Security. 38: 103-115.
Tripathi, S. and B. B. Meshram. 2012. Digital Evidence for Database Tamper Detection. Journal of Information Security. 3: 113.
Son, N., K.-g. Lee, S. Jeon, H. Chung, et al. 2011. The Method of Database Server Detection and Investigation in the Enterprise Environment. Secure and Trust Computing, Data Management and Applications. Springer. 164-171.
Azemović, J. and D. Mušić. 2009. Efficient Model For Detection Data And Data Scheme Tempering With Purpose Of Valid Forensic Analysis. 2009 International Conference on Computer Engineering and Applications (ICCEA 2009).
Azemovic, J. and D. Music. 2010. Methods for Efficient Digital Evidences Collecting of Business Proceses and Users Activity in eLearning Enviroments. e-Education, e-Business, e-Management, and e-Learning, 2010. IC4E'10. International Conference on: IEEE. 126-130.
Lee, G. T., S. Lee, E. Tsomko and S. Lee. 2007. Discovering Methodology and Scenario to Detect Covert Database System. Future Generation Communication and Networking (FGCN 2007): IEEE. 130-135.
Lee, K. and M. R. Boddington. 2012. A Workflow to Support Forensic Database Analysis.
von Alan, R. H., S. T. March, J. Park and S. Ram. 2004. Design Science In Information Systems Research. MIS quarterly. 28(1): 75-105.
Othman, S. H. and G. Beydoun. 2010. Metamodelling Approach To Support Disaster Management Knowledge Sharing.
March, S. T. and G. F. Smith. 1995. Design And Natural Science Research On Information Technology. Decision support systems. 15(4): 251-266.
De Kok, D. 2010. Feature Selection For Fluency Ranking. Proceedings of the 6th International Natural Language Generation Conference: Association for Computational Linguistics. 155-163.
Kent, K., S. Chevalier, T. Grance and H. Dang. 2006. Guide To Integrating Forensic Techniques Into Incident Response. NIST Special Publication. 800-86.
Pilli, E. S., R. C. Joshi and R. Niyogi. 2010. Network Forensic Frameworks: Survey And Research Challenges. Digital Investigation. 7(1): 14-27.
Ali, A., A. Al-Dhaqm and S. A. Razak. 2014. Detecting Threats in Network Security by Analyzing Network Packets using Wireshark. Proceeding International Conference of Recent Trends in Information and Communication Technologies. IRICT 2014.
Bregu, J., D. Conklin, E. Coronado, M. Terrill, et al. 2013. Analytical Thresholds and Sensitivity: Establishing RFU Thresholds for Forensic DNA Analysis. Journal of Forensic Sciences. 58(1): 120-129.
Lee, K.-g., A. Savoldi, P. Gubian, K. S. Lim, et al. 2008. Methodologies For Detecting Covert Database. Intelligent Information Hiding and Multimedia Signal Processing, 2008. IIHMSP'08 International Conference on: IEEE. 538-541.
Snodgrass, R. T., S. S. Yao and C. Collberg. 2004. Tamper Detection In Audit Logs. Proceedings of the Thirtieth international conference on Very large data bases-Volume 30: VLDB Endowment. 504-515.
Fruhwirt, P., M. Huber, M. Mulazzani and E. R. Weippl. 2010. Innodb Database Forensics. Advanced Information Networking and Applications (AINA), 2010 24th IEEE International Conference on: IEEE. 1028-1036.
Basu, A. 2006. Forensic Tamper Detection In SQL Server.
Khanuja, H. K. and D. S. Adane. 2014. Forensic Analysis for Monitoring Database Transactions. Security in Computing and Communications. Springer. 201-210.
Frühwirt, P., P. Kieseberg, S. Schrittwieser, M. Huber, et al. 2013. InnoDB Database Forensics: Enhanced Reconstruction Of Data Manipulation Queries From Redo Logs. Information Security Technical Report. 17(4): 227-238.
Xu, M., J. Yao, Y. Ren, J. Xu, et al. 2014. A Reconstructing Android User Behavior Approach based on YAFFS2 and SQLite. Journal of Computers. 9(10): 2294-2302.
Pavlou, K. E. and R. T. Snodgrass. 2008. Forensic Analysis Of Database Tampering. ACM Transactions on Database Systems (TODS). 33(4): 30.
Downloads
Published
Issue
Section
License
Copyright of articles that appear in Jurnal Teknologi belongs exclusively to Penerbit Universiti Teknologi Malaysia (Penerbit UTM Press). This copyright covers the rights to reproduce the article, including reprints, electronic reproductions, or any other reproductions of similar nature.