&amp;#x201C;Role of metadata in forensic analysis of database attacks&amp;#x201C;

Khanuja, Harmeet Kaur; Suratkar, Shraddha

doi:10.1109/iadcc.2014.6779367

Cited by 11 publications

(11 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Son [11] presented a model to detect and investigate malicious activities in a database server, which comprises three investigation processes, namely: Server Detection, Data Collection, and Investigation of Data Collected. Extending the detection process model, a four-process investigation model was proposed in [12]. The processes in this model included Collection and Preservation, Analysis of Anti-forensic Attacks, Analysis of Database Attack, and Preserving Evidence Report.…”

Section: Background and Related Workmentioning

confidence: 99%

“…The Collect Suspect Database System proposed in [37] allows investigators to collect and extract suspected database management system data and move it to a secure area for further forensic investigation. The Collection and Preservation process proposed in [12] allows investigators to collect detailed multiple logs of SQL, MySQL and operating systems. The Collection process that was proposed in [38] is used to gather evidence by replicating sources.…”

Section: Database Identificationmentioning

confidence: 99%

See 1 more Smart Citation

Categorization and Organization of Database Forensic Investigation Processes

et al. 2020

View full text Add to dashboard Cite

Database forensic investigation (DBFI) is an important area of research within digital forensics. It's importance is growing as digital data becomes more extensive and commonplace. The challenges associated with DBFI are numerous, and one of the challenges is the lack of a harmonized DBFI process for investigators to follow. In this paper, therefore, we conduct a survey of existing literature with the hope of understanding the body of work already accomplished. Furthermore, we build on the existing literature to present a harmonized DBFI process using design science research methodology. This harmonized DBFI process has been developed based on three key categories (i.e. planning, preparation and pre-response, acquisition and preservation, and analysis and reconstruction). Furthermore, the DBFI has been designed to avoid confusion or ambiguity, as well as providing practitioners with a systematic method of performing DBFI with a higher degree of certainty. INDEX TERMS Database forensics, database forensic investigation, digital forensics, investigation process model.

show abstract

Section: Background and Related Workmentioning

confidence: 99%

Section: Database Identificationmentioning

confidence: 99%

Categorization and Organization of Database Forensic Investigation Processes

et al. 2020

View full text Add to dashboard Cite

show abstract

“…A rebuilding tool was presented by [53] to rebuild original database schema when databases have been compromised or destroyed. A model to collect, preserve, and analyse database metadata and database attacks was proposed by [42] that consists of four investigation processes: collection and preservation, analysis of anti-forensic attacks, analysis of database attacks, and preserving evidence reports. Additionally, [41] proposed a model to reconstruct database events and detect intruder activities that consisted of two investigation processes: collection and reconstructing evidence.…”

Section: Database Forensic Models Overviewmentioning

confidence: 99%

“…The ''Collect suspect database system'' process proposed by [4] allows investigators to collect and extract suspect database management system data and move it to a secure area for further forensic investigation. The ''Collection and Preservation Process'' proposed by [42] is used to collect log files (database files, transaction logs, cache files, text files, binary log files, error log files, server error logs, and memory dumps,) and protect metadata collected from log files. The ''Collection'' process proposed by [41] is used to gather evidence by replicating investigation sources.…”

Section: ) Redundant and Irrelevant Investigation Processesmentioning

confidence: 99%

Database Forensic Investigation Process Models: A Review

et al. 2020

View full text Add to dashboard Cite

Database Forensic Investigation (DBFI) involves the identification, collection, preservation, reconstruction, analysis, and reporting of database incidents. However, it is a heterogeneous, complex, and ambiguous field due to the variety and multidimensional nature of database systems. A small number of DBFI process models have been proposed to solve specific database scenarios using different investigation processes, concepts, activities, and tasks as surveyed in this paper. Specifically, we reviewed 40 proposed DBFI process models for RDBMS in the literature to offer up-to-date and comprehensive background knowledge on existing DBFI process model research, their associated challenges, issues for newcomers, and potential solutions for addressing such issues. This paper highlights three common limitations of the DBFI domain, which are: 1) redundant and irrelevant investigation processes; 2) redundant and irrelevant investigation concepts and terminologies; and 3) a lack of unified models to manage, share, and reuse DBFI knowledge. Also, this paper suggests three solutions for the discovered limitations, which are: 1) propose generic DBFI process/model for the DBFI field; 2) develop a semantic metamodeling language to structure, manage, organize, share, and reuse DBFI knowledge; and 3) develop a repository to store and retrieve DBFI field knowledge. INDEX TERMS Database forensic, digital forensic, investigation process model.

show abstract

“…For example, the following are concepts that are clustered based on similar meaning: “ Reconstructing database” in model [ 23 ]; “ Reconstruction ” in models [ 22 ], [ 3 ], [ 27 ], [ 95 , 96 ]; “ Reconstruction event ” in model [ 60 ]; and “ Reconstructing ” concept in model [ 66 ]. To provide another example, the “ Capture ” concept has been mentioned in three models [ 94 ], [ 97 ], [ 24 ], together with its synonym “ Seizure ” mentioned in the model [ 44 ].…”

Section: 0 Metamodelling Database Forensicsmentioning

confidence: 99%

Development and validation of a Database Forensic Metamodel (DBFM)

et al. 2017

View full text Add to dashboard Cite

Database Forensics (DBF) is a widespread area of knowledge. It has many complex features and is well known amongst database investigators and practitioners. Several models and frameworks have been created specifically to allow knowledge-sharing and effective DBF activities. However, these are often narrow in focus and address specified database incident types. We have analysed 60 such models in an attempt to uncover how numerous DBF activities are really public even when the actions vary. We then generate a unified abstract view of DBF in the form of a metamodel. We identified, extracted, and proposed a common concept and reconciled concept definitions to propose a metamodel. We have applied a metamodelling process to guarantee that this metamodel is comprehensive and consistent.

show abstract

“Role of metadata in forensic analysis of database attacks“

Cited by 11 publications

References 8 publications

Categorization and Organization of Database Forensic Investigation Processes

Categorization and Organization of Database Forensic Investigation Processes

Database Forensic Investigation Process Models: A Review

Development and validation of a Database Forensic Metamodel (DBFM)

Contact Info

Product

Resources

About