DETERMINING TRIGGER INVOLVEMENT DURING FORENSIC ATTRIBUTION IN DATABASES
Saved in:
| Title: | DETERMINING TRIGGER INVOLVEMENT DURING FORENSIC ATTRIBUTION IN DATABASES |
|---|---|
| Authors: | Hauger, Werner, Olivier, Martin |
| Contributors: | University of Pretoria South Africa, Gilbert Peterson, Sujeet Shenoi, TC 11, WG 11.9 |
| Source: | IFIP Advances in Information and Communication Technology ; 11th IFIP International Conference on Digital Forensics (DF) ; https://inria.hal.science/hal-01449057 ; 11th IFIP International Conference on Digital Forensics (DF), Jan 2015, Orlando, FL, United States. pp.163-177, ⟨10.1007/978-3-319-24123-4_10⟩ |
| Publisher Information: | CCSD |
| Publication Year: | 2015 |
| Subject Terms: | Database forensics, database triggers, forensic attribution, [INFO]Computer Science [cs] |
| Subject Geographic: | Orlando, FL, United States |
| Description: | Part 3: FORENSIC TECHNIQUES ; International audience ; Researchers have shown that database triggers can interfere with the attribution process in forensic investigations. Triggers can perform actions of commission and omission under the auspices of users without them being aware of the actions. This could lead to the actions being wrongly attributed to the users during forensic investigations. This chapter describes a technique for dealing with triggers during forensic investigations of databases. An algorithm is proposed that provides a simple test to determine if triggers played any part in the generation or manipulation of data in a specific database object. If the test result is positive, a forensic investigator must consider the actions performed by the implicated triggers. The algorithm is formulated generically to enable it to be applied to any relational SQL database that implements triggers. The algorithm provides forensic investigators with a quick and automated means for identifying the potentially relevant triggers for database objects, helping to increase the reliability of the forensic attribution process. |
| Document Type: | conference object |
| Language: | English |
| DOI: | 10.1007/978-3-319-24123-4_10 |
| Availability: | https://inria.hal.science/hal-01449057 https://inria.hal.science/hal-01449057v1/document https://inria.hal.science/hal-01449057v1/file/978-3-319-24123-4_10_Chapter.pdf https://doi.org/10.1007/978-3-319-24123-4_10 |
| Rights: | http://creativecommons.org/licenses/by/ ; info:eu-repo/semantics/OpenAccess |
| Accession Number: | edsbas.C0ADBB1E |
| Database: | BASE |
Nájsť tento článok vo Web of Science | Abstract: | Part 3: FORENSIC TECHNIQUES ; International audience ; Researchers have shown that database triggers can interfere with the attribution process in forensic investigations. Triggers can perform actions of commission and omission under the auspices of users without them being aware of the actions. This could lead to the actions being wrongly attributed to the users during forensic investigations. This chapter describes a technique for dealing with triggers during forensic investigations of databases. An algorithm is proposed that provides a simple test to determine if triggers played any part in the generation or manipulation of data in a specific database object. If the test result is positive, a forensic investigator must consider the actions performed by the implicated triggers. The algorithm is formulated generically to enable it to be applied to any relational SQL database that implements triggers. The algorithm provides forensic investigators with a quick and automated means for identifying the potentially relevant triggers for database objects, helping to increase the reliability of the forensic attribution process. |
|---|---|
| DOI: | 10.1007/978-3-319-24123-4_10 |