The pervasive use of databases for the storage of critical and sensitive information in many organizations has led to an increase in the rate at which databases are exploited in computer crimes. While there are several techniques and tools available for database forensic analysis, such tools usually assume an apriori database preparation, such as relying on tamper-detection software to already be in place and the use of detailed logging. Further, such tools are built-in and thus can be compromised or corrupted along with the database itself. In practice, investigators need forensic and security audit tools that work on poorlyconfigured systems and make no assumptions about the extent of damage or malicious hacking in a database.In this paper, we present our database forensics methods, which are capable of examining database content from a storage (disk or RAM) image without using any log or file system metadata. We describe how these methods can be used to detect security breaches in an untrusted environment where the security threat arose from a privileged user (or someone who has obtained such privileges). Finally, we argue that a comprehensive and independent audit framework is necessary in order to detect and counteract threats in an environment where the security breach originates from an administrator (either at database or operating system level).
Grier Forensics is an elite team of scientists, engineers, and businesspeople who provide solutions for clients across the federal government, academia and commercial sector. We strive to advance mission capabilities through the power of science. Our solutions are at the leading edge of innovation with capabilities including anonymous internet, airborne cyber defense, media exploitation, as well as research and development.
10451 Mill Run Circle, Suite 910
Owings Mills, MD 21117
Grier Forensics is a proud sponsor of QL+, Engineering Quality of Life for Those Who Served
© 2019-2020 Grier Forensics, LLC. All Rights Reserved.