2017 IEEE Trustcom/BigDataSE/Icess 2017
DOI: 10.1109/trustcom/bigdatase/icess.2017.299
|View full text |Cite
|
Sign up to set email alerts
|

Implementing Chain of Custody Requirements in Database Audit Records for Forensic Purposes

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

0
13
0

Year Published

2018
2018
2024
2024

Publication Types

Select...
3
2
1

Relationship

1
5

Authors

Journals

citations
Cited by 7 publications
(13 citation statements)
references
References 24 publications
0
13
0
Order By: Relevance
“…Although, such architectures have been already proposed [1] [13] [14][15] [16], none of them considered Chain of Custody (CoC) properties and their implication in the admissibility of audit records as digital evidence. Our current research is focused on the design and deployment of such an architecture, based on previous work developed in [6], where a vector-clock (VC) mechanism [17] was used for tracking DML operations' provenance and causality, producing audit records within a forensically-ready database architecture. Nonetheless, beyond the evident scalability issue between the VC timestamp size and the number of audit tables, this mechanism also introduced precision issues and uncertain causal observations [18] because these are designed to enable operation ordering rather than, in fact, determining the actual physical time of their occurrence.…”
Section: Background and Related Workmentioning
confidence: 99%
See 4 more Smart Citations
“…Although, such architectures have been already proposed [1] [13] [14][15] [16], none of them considered Chain of Custody (CoC) properties and their implication in the admissibility of audit records as digital evidence. Our current research is focused on the design and deployment of such an architecture, based on previous work developed in [6], where a vector-clock (VC) mechanism [17] was used for tracking DML operations' provenance and causality, producing audit records within a forensically-ready database architecture. Nonetheless, beyond the evident scalability issue between the VC timestamp size and the number of audit tables, this mechanism also introduced precision issues and uncertain causal observations [18] because these are designed to enable operation ordering rather than, in fact, determining the actual physical time of their occurrence.…”
Section: Background and Related Workmentioning
confidence: 99%
“…To detect malicious insider actions within our proposed architecture, Chain-of-Custody (CoC) must be enforced, requiring the following important properties as defined in [6]: (i) role segregation, (ii) DML operation provenance, (iii) event timelining and (iv) causality. As a result, audit records can be used as digital evidence to attribute malicious insider actions against a transactional database N DB .…”
Section: Formalising the Proposed Architecturementioning
confidence: 99%
See 3 more Smart Citations