Assembling Metadata for Database Forensics

Beyers, Hector; Olivier, Martin S.; Hancke, Gerhard P.

doi:10.1007/978-3-642-24212-0_7

Cited by 14 publications

(8 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The papers featured covered a range of topics relating to database forensics. Beyers et al discussed the creation of a method to separate the different layers of data and metadata to prepare a database management system for forensic examination (Beyers et al, 2011). In a similar vein, Fasan et al demonstrated how a database reconstruction algorithm can be utilized to reconstruct a database allowing an examination to be performed (Fasan and Olivier, 2012a, b).…”

Section: Database Forensicsmentioning

confidence: 98%

Towards a forensic-aware database solution: Using a secured database replication protocol and transaction management for digital investigations

Frühwirt

Kieseberg

Krombholz

et al. 2014

Digital Investigation

View full text Add to dashboard Cite

Section: Database Forensicsmentioning

confidence: 98%

Towards a forensic-aware database solution: Using a secured database replication protocol and transaction management for digital investigations

Frühwirt

Kieseberg

Krombholz

et al. 2014

Digital Investigation

View full text Add to dashboard Cite

“…Moreover, there is a large amount of extremely critical data stored in the database; the suspects often disguise the key fields and the data of the website. If the investigators use conventional methods, it is difficult to find and access relevant data case at the first time [9]. The research on database forensics mainly includes the following aspects: 1) Database forensics technology focusing on the database recovery, operation log forensics process, such as Al-Dhaqm defines a model from the identification, collection, storage, analysis process and record database of digital evidence, reconstruction [10]; Fasan & Fruhwirt restored data approach to obtain evidence through a database query log reconstruction [11,12].…”

Section: Realted Workmentioning

confidence: 99%

A Method of Mining Key Accounts from Internet Pyramid Selling Data

2019

Teh. vjesn.

View full text Add to dashboard Cite

Internet pyramid selling causes great harm and has difficulty in obtaining evidence. As most of internet pyramid selling often uses virtual coins to complete cash settlement, criminals can exchange virtual coins by controlling visual accounts to transfer funds illegally. The purpose of the work is to mine the key accounts and build evidence chain of personnel and funds. In order to deal with a large number of transaction data, we characterize the virtual currency trading data, which is divided into seven transaction characteristics. The key accounts are these outliers which have too prominent trading behaviour. So we use positive samples to train One Class Support Vector Machine (OCSVM) classification to find trading behaviours' boundary and detect outliers in classification. Then, the correlation between member's information and pyramid selling hierarchical relationship can also be obtained by further linking the trading behaviour of key accounts. Finally, we can screen out the virtual accounts directly controlled by the pyramid selling organization, analyse the flow of funds, investigate and obtain evidence on amount of money involved in pyramid selling. The experimental results show that the classification model cannot only establish the normal model for account transfer behaviour, but also effectively identify abnormal transfer behaviour, thus improving efficiency of investigation and evidence collection for economic investigation departments.

show abstract

“…A compromised database is a database in which some metadata or DBMS software have been modified by an attacker although the database may still be operational. Olivier [14] and Beyers, et al [2] have pointed out that, although a database itself may be the best tool for collecting data for forensic analysis of the database, the integrity of the results obtained cannot be guaranteed because the database could have been modified into giving false information. Litchfield [12] also identified this problem when discussing the steps for performing a live response to an attack on an Oracle database.…”

Section: Dimensions Of Database Forensicsmentioning

confidence: 99%

“…Database forensics is the branch of digital forensics [11,15] that deals with the identification, preservation, analysis and presentation of evidence from databases [8]. Over the past few years, researchers [2,14] have emphasized the need to incorporate database forensic analysis as part of traditional digital forensics due to the amount of information that is often retrieved from a database during an investigation. Although considerable research has been conducted in the area of database forensics, much work remains to be done with regard to formalizing the database forensic process.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Schema Reconstruction in Database Forensics

Adedayo

Olivier

2014

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Part 2: Forensic TechniquesInternational audienceAlthough considerable research has been conducted in the area of data- base forensics over the past few years, several aspects of database forensics remain to be considered. One of the challenges facing database forensics is that the results of forensic analysis may be inconsistent with the raw data contained in a database because of changes made to the metadata. This paper describes the various types of changes that can be made to a database schema by an attacker and shows how metadata changes can affect query results. Techniques for reconstructing the original database schema are also described

show abstract

Assembling Metadata for Database Forensics

Cited by 14 publications

References 3 publications

Towards a forensic-aware database solution: Using a secured database replication protocol and transaction management for digital investigations

Towards a forensic-aware database solution: Using a secured database replication protocol and transaction management for digital investigations

A Method of Mining Key Accounts from Internet Pyramid Selling Data

Schema Reconstruction in Database Forensics

Contact Info

Product

Resources

About