Generalizing database forensics

Kyriacos E. Pavlou, Richard Thomas Snodgrass

Research output: Contribution to journal › Article

9 Citations (Scopus)

Abstract

In this article we present refinements on previously proposed approaches to forensic analysis of database tampering. We significantly generalize the basic structure of these algorithms to admit new characterizations of the "where" axis of the corruption diagram. Specifically, we introduce page-based partitioning as well as attribute-based partitioning along with their associated corruption diagrams. We compare the structure of all the forensic analysis algorithms and discuss the various design choices available with respect to forensic analysis. We characterize the forensic cost of the newly introduced algorithms, compare their forensic cost, and give our recommendations. We then introduce a comprehensive taxonomy of the types of possible corruption events, along with an associated forensic analysis protocol that consolidates all extant forensic algorithms and the corresponding type(s) of corruption events they detect. The result is a generalization of these algorithms and an overarching characterization of the process of database forensic analysis, thus providing a context within the overall operation of a DBMS for all existing forensic analysis algorithms.

Original language: English (US)
Article number: 12
Journal: ACM Transactions on Database Systems
Volume: 38
Issue number: 2
DOI: 10.1145/2487259.2487264
State: Published - Jun 2013

Keywords

  • A3D Algorithm
  • Attribute-based partitioning
  • Compliant records
  • Corruption event taxonomy
  • Forensic analysis algorithm
  • Forensic analysis protocol
  • Forensic cost
  • Monochromatic Algorithm
  • Page-based partitioning

ASJC Scopus subject areas

  • Information Systems

Cite this

Generalizing database forensics. / Pavlou, Kyriacos E.; Snodgrass, Richard Thomas.

In: ACM Transactions on Database Systems, Vol. 38, No. 2, 12, 06.2013.


@article{02453334e68d459c95889ee16b3d3b87,
title = "Generalizing database forensics",
keywords = "A3D Algorithm, Attribute-based partitioning, Compliant records, Corruption event taxonomy, Forensic analysis algorithm, Forensic analysis protocol, Forensic cost, Monochromatic Algorithm, Page-based partitioning",
author = "Pavlou, {Kyriacos E.} and Snodgrass, {Richard Thomas}",
year = "2013",
month = "6",
doi = "10.1145/2487259.2487264",
language = "English (US)",
volume = "38",
journal = "ACM Transactions on Database Systems",
issn = "0362-5915",
publisher = "Association for Computing Machinery (ACM)",
number = "2",

}
