Database forensics

This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "Database forensics" – news · newspapers · books · scholar · JSTOR (August 2010) (Learn how and when to remove this message)

Part of a series on
Forensic science
Physiological Anthropology Biology Bloodstain pattern analysis Dentistry DNA phenotyping DNA profiling Forensic genealogy Entomology Epidemiology Limnology Medicine Palynology Pathology Podiatry Toxicology
Social Psychiatry Psychology Psychotherapy Social work Verbal autopsy
Criminalistics Accounting Body identification Chemistry Colorimetry Election forensics Facial reconstruction Fingerprint analysis Firearm examination Footwear evidence Forensic arts Profiling Gloveprint analysis Palmprint analysis Questioned document examination Vein matching Forensic geophysics Forensic geology Social network analysis
Digital forensics Computer exams Data analysis Database study Malware analysis Mobile devices Network analysis Photography Video analysis Audio analysis
Related disciplines Electrical engineering Engineering Fire investigation Fire accelerant detection Fractography Linguistics Materials engineering Polymer engineering Statistics Traffic collision reconstruction
Related articles Crime scene CSI effect DNA in forensic entomology Perry Mason syndrome Pollen calendar Skid mark Trace evidence
Outline Category
v t e

Database Forensics is a branch of digital forensic science relating to the forensic study of databases and their related metadata.^[1]

The discipline is similar to computer forensics, following the normal forensic process and applying investigative techniques to database contents and metadata. Cached information may also exist in a servers RAM requiring live analysis techniques.

A forensic examination of a database may relate to the timestamps that apply to the update time of a row in a relational table being inspected and tested for validity in order to verify the actions of a database user. Alternatively, a forensic examination may focus on identifying transactions within a database system or application that indicate evidence of wrongdoing, such as fraud.

Software tools such as ACL, Idea and Arbutus (which provide a read-only environment) can be used to manipulate and analyse data. These tools also provide audit logging capabilities which provide documented proof of what tasks or analysis a forensic examiner performed on the database.

Currently many database software tools are in general not reliable and precise enough to be used for forensic work as demonstrated in the first paper published on database forensics.^[2] There is currently a single book published in this field,^[3] though more are destined.^[4] Additionally there is a subsequent SQL Server forensics book by Kevvie Fowler named SQL Server Forensics which is well regarded also.^[5]

The forensic study of relational databases requires a knowledge of the standard used to encode data on the computer disk. A documentation of standards used to encode information in well-known brands of DB such as SQL Server and Oracle has been contributed to the public domain.^[6][7]

It is important to note, for evidential purposes, that because the forensic analysis of a data base is not executed in isolation, the technological frame work within which a subject database exit, is crucial to understanding and resolving questions of data authenticity and integrity especially as it relates to database users.

Familial DNA testing is an investigation tool that employs the use to Database forensics to convict criminals and exonerate innocent people convicted of crimes. Familial DNA testing is used when DNA found at a crime scene strongly resembles DNA already in the database. The two pieces of DNA are likely to be related persons, and the perpetrator is tracked down based on the information of the relative in the database.^[8] This technique is surrounded by controversy regarding whether it i an invasion of privacy, and whether it could lead to an increase of racial profiling amount the judicial system. Other scholars argue, however, that the potential of convicting criminals that are harmful to society far outweighs any potential of privacy invasion or racial profiling. ^[9]

• Farmer and Venema, 1999, http://www.porcupine.org/forensics/forensic-discovery/appendixB.html
• Sarbanes Oxley section 404 – enforce financial standards to limit chance of fraud. http://thecaq.aicpa.org/Resources/Sarbanes+Oxley/
• HIPAA – Health and Portability Act http://www.cms.hhs.gov/hipaa/
• Sarbanes Oxley section 404 – enforce financial standards to limit chance of fraud http://thecaq.aicpa.org/Resources/Sarbanes+Oxley/
• Fair Credit Reporting Act (FCRA) http://www.gao.gov/new.items/d06674.pdf
• Oracle Forensics In a Nutshell, Paul M. Wright (May 2007) http://www.oracleforensics.com/wordpress/wp-content/uploads/2007/03/OracleForensicsInANutshell.pdf
• Oracle Forensics, Paul Wright, Rampant Techpress, ISBN 0-9776715-2-6, May 2008. http://www.rampant-books.com/book_2007_1_oracle_forensics.htm