Forensic analysis of database tampering

Kyriacos Pavlou, Richard Thomas Snodgrass

Research output: Chapter in Book/Report/Conference proceedingConference contribution

27 Scopus citations

Abstract

Mechanisms now exist that detect tampering of a database, through the use of cryptographically-strong hash functions. This paper addresses the next problem, that of determining who, when, and what, by providing a systematic means of performing forensic analysis after such tampering has been uncovered. We introduce a schematic representation termed a "corruption diagram" that aids in intrusion investigation. We use these diagrams to fully analyze the original proposal, that of a linked sequence of hash values. We examine the various kinds of intrusions that are possible, including retroactive, introactive, backdating, and postdating intrusions. We then introduce successively more sophisticated forensic analysis algorithms: the monochromatic, RGB, and polychromatic algorithms, and characterize the "forensic strength" of these algorithms. We show how forensic analysis can efficiently extract a good deal of information concerning a corruption event.

Original languageEnglish (US)
Title of host publicationProceedings of the ACM SIGMOD International Conference on Management of Data
Pages109-120
Number of pages12
DOIs
Publication statusPublished - 2006
Event2006 ACM SIGMOD International Conference on Management of Data - Chicago, IL, United States
Duration: Jun 27 2006Jun 29 2006

Other

Other2006 ACM SIGMOD International Conference on Management of Data
CountryUnited States
CityChicago, IL
Period6/27/066/29/06

    Fingerprint

Keywords

  • Append-only
  • Corruption diagram
  • Cryptographic hash function
  • Forensic strength

ASJC Scopus subject areas

  • Computer Science(all)

Cite this

Pavlou, K., & Snodgrass, R. T. (2006). Forensic analysis of database tampering. In Proceedings of the ACM SIGMOD International Conference on Management of Data (pp. 109-120) https://doi.org/10.1145/1142473.1142487