Database Application Schema Forensics
The application schema layer of a Database Management System (DBMS) can be modified to deliver results that may warrant a forensic investigation. Table structures can be corrupted by changing the metadata of a database or operators of the database can be altered to deliver incorrect results when use...
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
South African Institute of Computer Scientists and Information Technologists
2014-12-01
|
| Series: | South African Computer Journal |
| Subjects: | |
| Online Access: | http://sacj.cs.uct.ac.za/index.php/sacj/article/view/188 |
| Summary: | The application schema layer of a Database Management System (DBMS) can be modified to deliver results that may warrant a forensic investigation. Table structures can be corrupted by changing the metadata of a database or operators of the database can be altered to deliver incorrect results when used in queries. This paper will discuss categories of possibilities that exist to alter the application schema with some practical examples. Two forensic environments are introduced where a forensic investigation can take place in. Arguments are provided why these environments are important. Methods are presented how these environments can be achieved for the application schema layer of a DBMS. A process is proposed on how forensic evidence should be extracted from the application schema layer of a DBMS. The application schema forensic evidence identification process can be applied to a wide range of forensic settings. |
|---|---|
| ISSN: | 1015-7999 2313-7835 |