Mechanisms now exist that detect tampering with a database, through the use of cryptographically strong hash functions. This paper addresses the next problem, that of determining who, when, and what, by providing a systematic means of performing forensic analysis after such tampering has been uncovered. We introduce a schematic representation termed a "corruption diagram" that aids in intrusion investigation. We use these diagrams to fully analyze the original proposal, that of a linked sequence of hash values. We examine the various kinds of intrusions that are possible, including retroactive, introactive, backdating, and postdating intrusions. We then introduce successively more sophisticated forensic analysis algorithms: the monochromatic, RGB, and polychromatic algorithms, and characterize the "forensic strength" of these algorithms. We show how forensic analysis can efficiently extract a good deal of information concerning a corruption event.