Database forensic analysis through internal structure carving

Wagner, James; Rasin, Alexander; Grier, Jonathan

doi:10.1016/j.diin.2015.05.013

Cited by 39 publications

(21 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Internal database investigation MariaDB requires knowledge to interpret every bit contained in each table in the database [4,8]. Digital forensic analysis is not possible without a good understanding of the properties of the MariaDB table [12].…”

Section: Results Of Internal Investigationsmentioning

confidence: 99%

“…The internal investigation includes checking the database engine which is the default used by MariaDB [4]. MariaDB stores all information on each table into the .frm file.…”

Section: Internal Investigationmentioning

confidence: 99%

“…This information is crucial and is used as the main tool to make decisions about the performance of employees in the company [3]. Results and information on forensic databases can be used for several reasons [4,5]. First, find out how safe the data in the company is stored.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Digital Forensic InnoDB Database Engine for Employee Performance Appraisal Application

2019

View full text Add to dashboard Cite

Data is something that can be manipulated by irresponsible people and causing fraud. The use of log files, data theft, unauthorized person, and infiltration are things that should be prevented before the problem occurs. The authenticity of application data that evaluates the performance of company employees is very crucial. This paper will explain how to maintain the company’s big data as a valid standard service to assess employee performance database, based on employee performance of MariaDB or MySQL 5.0.11 with InnoDB storage engine. The authenticity of data is required for decent digital evidence when sabotage occurs. Digital forensic analysis carried out serves to reveal past activities, record time and be able to recover deleted data in the InnoDB storage engine table. A comprehensive examination is carried out by looking at the internal and external aspects of the Relational Database Management System (RDBMS). The result of this research is in the form of forensic tables in the InnoDB engine before and after sabotage occurs.

show abstract

Section: Results Of Internal Investigationsmentioning

confidence: 99%

“…The internal investigation includes checking the database engine which is the default used by MariaDB [4]. MariaDB stores all information on each table into the .frm file.…”

Section: Internal Investigationmentioning

confidence: 99%

See 1 more Smart Citation

Digital Forensic InnoDB Database Engine for Employee Performance Appraisal Application

2019

View full text Add to dashboard Cite

show abstract

“…First of all, reactive database forensics is comprised of bottom-up methods that adapt traditional digital forensics techniques for recovering scattered pieces of evidence in order to reconstruct the database state [7]. Examples of these methods are table-relationship analysis [8] and data file carving [9]. However, these methods either lack formalisation and scientific background [10], or may not be suitable for investigating databases [11].…”

Section: Introductionmentioning

confidence: 99%

Implementing Chain of Custody Requirements in Database Audit Records for Forensic Purposes

Flores

Jhumka

2017

2017 IEEE Trustcom/BigDataSE/Icess

View full text Add to dashboard Cite

“…It is possible to retrieve data from databases by other means. In the study of [24], some work has been done on recovering data from DBMS structures. Another subject to consider is compressed data within databases.…”

Section: Releated Workmentioning

confidence: 99%

Investigation and Automating Extraction of Thumbnails Produced by Image Viewers

Meer¹,

Choo

Kechadi

et al. 2017

2017 IEEE Trustcom/BigDataSE/Icess

View full text Add to dashboard Cite

Today, in digital forensics, images normally provide important information within an investigation. However, not all images may still be available within a forensic digital investigation as they were all deleted for example. Data carving can be used in this case to retrieve deleted images but the carving time is normally significant and these images can be moreover overwritten by other data. One of the solutions is to look at thumbnails of images that are no longer available. These thumbnails can often be found within databases created by either operating systems or image viewers. In literature, most research and practical focus on the extraction of thumbnails from databases created by the operating system. There is a little research working on the thumbnails created by the image reviewers as these thumbnails are application-driven in terms of pre-defined sizes, adjustments and storage location. Eventually, thumbnail databases from image viewers are significant forensic artefacts for investigators as these programs deal with large amounts of images. However, investigating these databases so far is still manual or semi-automatic task that leads to the huge amount of forensic time. Therefore, in this paper we propose a new approach of automating extraction of thumbnails produced by image viewers. We also test our approach with popular image viewers in different storage structures and locations to show its robustness.

show abstract

Database forensic analysis through internal structure carving

Cited by 39 publications

References 11 publications

Digital Forensic InnoDB Database Engine for Employee Performance Appraisal Application

Digital Forensic InnoDB Database Engine for Employee Performance Appraisal Application

Implementing Chain of Custody Requirements in Database Audit Records for Forensic Purposes

Investigation and Automating Extraction of Thumbnails Produced by Image Viewers

Contact Info

Product

Resources

About