Today's database management systems implement sophisticated access control mechanisms to prevent unauthorized access and modifications. This is, for example, an important basic requirement for SOX (Sarbanes-Oxley Act) compliance, under which every past transaction has to be traceable at any time. However, malicious database administrators may still be able to bypass these security mechanisms and make hidden modifications to the database. In this paper we define a novel signature of a B+-Tree, a widely used storage structure in database management systems, and propose using it to support logging in databases. This additional logging mechanism is especially useful in combination with forensic techniques that directly target the underlying tree structure of an index. The applicability of the approach is demonstrated by proposing techniques for applying this signature in the context of digital forensics on B+-Trees.