Database Management Systems (DBMS) are routinely used to store and process sensitive enterprise data. However, data cannot be secured by relying on the access control and security mechanisms (e.g., audit logs) of such systems alone: users may abuse their privileges (whether granted or gained illegally) or circumvent security mechanisms to maliciously alter and access data. Thus, in addition to taking preventive measures, the major goal of database security is to 1) detect breaches and 2) gather evidence about attacks for devising countermeasures. We present an approach that evaluates the integrity of a live database, identifying and reporting evidence of log tampering. Our approach is based on forensic analysis of database storage and detection of inconsistencies between database logs and physical storage state (disk and RAM). We apply our approach to multiple DBMS to demonstrate its effectiveness in discovering malicious operations and providing detailed information about the data that was illegally accessed or modified.
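A simplified illustration of the log-versus-storage comparison described above, added here and not the authors' implementation. It assumes records have already been carved from storage with an active/deleted state and that the audit log has been parsed into operations; all function names and sample data are constructed.

```python
from collections import Counter

# Constructed sample: parsed audit-log operations (op, table, row values).
AUDIT_LOG = [
    ("INSERT", "accounts", (1, "alice", 500)),
    ("INSERT", "accounts", (2, "bob", 300)),
    ("INSERT", "accounts", (3, "carol", 900)),
    ("DELETE", "accounts", (2, "bob", 300)),
]

# Constructed sample: records carved from storage pages with their row state.
CARVED = [
    ("accounts", (1, "alice", 500), "active"),
    ("accounts", (2, "bob", 300), "deleted"),
    ("accounts", (3, "carol", 900), "deleted"),     # no DELETE in the log
    ("accounts", (4, "mallory", 99999), "active"),  # no INSERT in the log
]

def expected_state(log):
    """Replay the log into multisets of rows that should be active / deleted."""
    active, deleted = Counter(), Counter()
    for op, table, row in log:
        key = (table, row)
        if op == "INSERT":
            active[key] += 1
        elif op == "DELETE":
            if active[key] > 0:
                active[key] -= 1
            deleted[key] += 1
    return active, deleted

def find_inconsistencies(log, carved):
    """Return carved records whose state is not explained by any logged operation."""
    active, deleted = expected_state(log)
    findings = []
    for table, row, state in carved:
        key = (table, row)
        pool = active if state == "active" else deleted
        if pool[key] > 0:
            pool[key] -= 1  # consume one matching logged operation
        elif state == "active":
            findings.append((table, row, "active row with no logged INSERT"))
        else:
            findings.append((table, row, "deleted row with no logged DELETE"))
    # Logged deletes without a carved record are not flagged: the space of a
    # deleted row may already have been reclaimed and overwritten.
    return findings

if __name__ == "__main__":
    for finding in find_inconsistencies(AUDIT_LOG, CARVED):
        print(finding)
```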