Database forensics is a branch of digital forensic science relating to the forensic study of databases and their related metadata. The discipline is similar to computer forensics, following the normal forensic process and applying investigative techniques to database contents and metadata. Cached information may also exist in a server's RAM, requiring live analysis techniques.

A forensic examination of a database may relate to the timestamps that apply to the update time of a row in a relational table, which are inspected and tested for validity in order to verify the actions of a database user. Alternatively, a forensic examination may focus on identifying transactions within a database system or application that indicate evidence of wrongdoing, such as fraud.

Software tools can be used to manipulate and analyse data. These tools also provide audit logging capabilities, which provide documented proof of what tasks or analysis a forensic examiner performed on the database. As of 2008, many database software tools are in general not reliable and precise enough to be used for forensic work, as demonstrated in the first paper published on database forensics. As of 2008, there was only a single book published in this field, though more are destined. Additionally, there is a subsequent SQL Server Forensics book by Kevvie Fowler, which is also well regarded.

The forensic study of relational databases requires a knowledge of the standard used to encode data on the computer disk. A documentation of standards used to encode information in well-known brands of DB such as SQL Server and Oracle has been contributed to the public domain. Others include Apex Analytix.

Because the forensic analysis of a database is not executed in isolation, the technological framework within which a subject database exists is crucial to understanding and resolving questions of data authenticity and integrity, especially as it relates to database users.
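The row-timestamp validity test described above can be sketched as follows. This is an added example, not code from the article or any forensic tool: the `payments`, `audit_log` and `sessions` tables, their columns and all sample rows are constructed assumptions, with SQLite standing in for the subject database.

```python
import sqlite3

# Constructed sample: table names, column names and rows are assumptions for this example.
SAMPLE = """
CREATE TABLE payments (id INTEGER PRIMARY KEY, amount REAL, updated_by TEXT, updated_at TEXT);
CREATE TABLE audit_log (row_id INTEGER, db_user TEXT, logged_at TEXT);
CREATE TABLE sessions (db_user TEXT, login_at TEXT, logout_at TEXT);
INSERT INTO payments VALUES
  (1, 120.00,  'alice', '2008-03-03T09:15:00'),
  (2, 9800.00, 'bob',   '2008-03-03T02:40:00'),
  (3, 75.50,   'alice', '2008-03-03T10:05:00');
INSERT INTO audit_log VALUES
  (1, 'alice', '2008-03-03T09:15:00'),
  (2, 'bob',   '2008-03-03T02:40:00'),
  (3, 'alice', '2008-03-03T11:30:00');
INSERT INTO sessions VALUES
  ('alice', '2008-03-03T09:00:00', '2008-03-03T12:00:00'),
  ('bob',   '2008-03-03T08:30:00', '2008-03-03T17:00:00');
"""

def build_sample():
    """Load the constructed evidence copy into an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SAMPLE)
    return conn

def find_timestamp_anomalies(conn):
    """Return (row_id, reason) for each row whose update time fails a validity test."""
    findings = []
    rows = conn.execute(
        "SELECT id, updated_by, updated_at FROM payments ORDER BY id").fetchall()
    for row_id, user, updated_at in rows:
        # Test 1: the audit log must record the same row, user and time.
        if conn.execute(
                "SELECT 1 FROM audit_log WHERE row_id=? AND db_user=? AND logged_at=?",
                (row_id, user, updated_at)).fetchone() is None:
            findings.append((row_id, "no matching audit entry"))
        # Test 2: the user must have had a session open at that time
        # (ISO 8601 strings in one format compare correctly as text).
        if conn.execute(
                "SELECT 1 FROM sessions WHERE db_user=? AND login_at<=? AND logout_at>=?",
                (user, updated_at, updated_at)).fetchone() is None:
            findings.append((row_id, "update outside any user session"))
    return findings

if __name__ == "__main__":
    for finding in find_timestamp_anomalies(build_sample()):
        print(finding)
```

On a real case the queries would run against a read-only working copy of the evidence, and a flagged row is a lead to examine rather than proof of tampering.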


Further reading

* Farmer and Venema, 1999, http://www.porcupine.org/forensics/forensic-discovery/appendixB.html
* Sarbanes Oxley section 404 – enforce financial standards to limit chance of fraud. http://thecaq.aicpa.org/Resources/Sarbanes+Oxley/
* HIPAA – Health and Portability Act https://web.archive.org/web/20051219200504/http://www.cms.hhs.gov/hipaa/
* Fair Credit Reporting Act (FCRA) http://www.gao.gov/new.items/d06674.pdf
* Oracle Forensics In a Nutshell, Paul M. Wright (May 2007) http://www.oracleforensics.com/wordpress/wp-content/uploads/2007/03/OracleForensicsInANutshell.pdf
* Oracle Forensics, Paul Wright, Rampant Techpress, May 2008. http://www.rampant-books.com/book_2007_1_oracle_forensics.htm

