On the Completeness of Reconstructed Data for Database Forensics

Authors: Oluwasola Mary Adedayo, Martin S. Olivier
Year of publication: 2013
Subject:
Source: Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering ISBN: 9783642398902
ICDF2C
DOI: 10.1007/978-3-642-39891-9_14
Description: Databases are often used to store critical and sensitive information in various organizations and this has led to an increase in the rate at which databases are exploited in computer crimes. Even though various investigations involving databases have been explored, very little research has been done on database forensics. This paper briefly describes a database reconstruction algorithm presented in an earlier work and shows the limitation that can be encountered when the algorithm has to deal with partially reconstructed relations or the deletion of tuples in a relation. Since reconstructed data can often be used as the evidence to support or refute claims about the data in a database, the inability to reconstruct necessary data may imply the absence of evidence. However, according to an axiom from forensic science, this does not mean evidence of absence. As such, this paper presents two different techniques that can be used in reconstructing more tuples in a relation and provide corroborating evidence to claims about the data on a database. A typical example is used to describe the limitation of the database reconstruction algorithm and how the limitation can be overcome by using the techniques described in the paper.
Database: OpenAIRE