Generalizing database forensics

Kyriacos E. Pavlou, Richard T. Snodgrass

Research output: Contribution to journalArticle

9 Scopus citations

Abstract

In this article we present refinements on previously proposed approaches to forensic analysis of database tampering.We significantly generalize the basic structure of these algorithms to admit new characterizations of the "where" axis of the corruption diagram. Specifically, we introduce page-based partitioning as well as attribute-based partitioning along with their associated corruption diagrams. We compare the structure of all the forensic analysis algorithms and discuss the various design choices available with respect to forensic analysis. We characterize the forensic cost of the newly introduced algorithms, compare their forensic cost, and give our recommendations. We then introduce a comprehensive taxonomy of the types of possible corruption events, along with an associated forensic analysis protocol that consolidates all extant forensic algorithms and the corresponding type(s) of corruption events they detect. The result is a generalization of these algorithms and an overarching characterization of the process of database forensic analysis, thus providing a context within the overall operation of a DBMS for all existing forensic analysis algorithms.

Original languageEnglish (US)
Article number12
JournalACM Transactions on Database Systems
Volume38
Issue number2
DOIs
StatePublished - Jun 1 2013

Keywords

  • A3D Algorithm
  • Attribute-based partitioning
  • Compliant records
  • Corruption event taxonomy
  • Forensic analysis algorithm
  • Forensic analysis protocol
  • Forensic cost
  • Monochromatic Algorithm
  • Page-based partitioning

ASJC Scopus subject areas

  • Information Systems

Fingerprint Dive into the research topics of 'Generalizing database forensics'. Together they form a unique fingerprint.

  • Cite this