Abstract
Since information is often a primary target in a computer crime, organizations that store their information in database management systems (DBMSs) must develop a capability to perform database forensics. This paper describes a database forensic method that transforms a DBMS into the required state for a database forensic investigation. The method segments a DBMS into four abstract layers that separate the various levels of DBMS metadata and data. A forensic investigator can then analyze each layer for evidence of malicious activity. Tests performed on a compromised PostgreSQL DBMS demonstrate that the segmentation method provides a means for extracting the compromised DBMS components.
Copyright information
© 2011 IFIP International Federation for Information Processing
Cite this paper
Beyers, H., Olivier, M., Hancke, G. (2011). Assembling Metadata for Database Forensics. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics VII. DigitalForensics 2011. IFIP Advances in Information and Communication Technology, vol 361. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24212-0_7
DOI: https://doi.org/10.1007/978-3-642-24212-0_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-24211-3
Online ISBN: 978-3-642-24212-0
eBook Packages: Computer Science (R0)