Digital Evidence for Database Tamper Detection

Shweta Tripathi, Bandu Baburao Meshram
2012 Journal of Information Security  
Most secure database is the one you know the most. Tamper detection compares the past and present status of the system and produces digital evidence for forensic analysis. Our focus is on different methods or identification of different locations in an oracle database for collecting the digital evidence for database tamper detection. Starting with the basics of oracle architecture, continuing with the basic steps of forensic analysis the paper elaborates the extraction of suspicious locations
more » ... oracle. As a forensic examiner, collecting digital evidence in a database is a key factor. Planned and a modelled way of examination will lead to a valid detection. Based on the literature survey conducted on different aspects of collecting digital evidence for database tamper detection, the paper proposes a block diagram which may guide a database forensic examiner to obtain the evidences. The Oracle database uses a number of physical storage structures on disk to hold and manage the data from user transactions. Some of these storage structures, such as the datafiles, redo log files, and archived redo log files, hold actual user data; other structures, such as control files, maintain the state of the database objects, and text-based alert and trace files contain logging information for both routine events and error conditions in the database. Figure 1 [1] shows the relationship between these physical structures and the logical storage structures. Datafiles One Oracle datafile corresponds to one physical operating system file on disk [1].
doi:10.4236/jis.2012.32014 fatcat:yuj5aduldnbh3onrhjc3jyuv7u