Implementing Chain of Custody Requirements in Database Audit Records for Forensic Purposes
| Author | Arshad Jhumka, Denys A. Flores |
|---|---|
| Year of publication | 2017 |
| Subject | Process management; Computer science; Digital forensics; Database audit; ComputingMilieux_LEGALASPECTSOFCOMPUTING; 020207 software engineering; Timeline; 02 engineering and technology; Computer forensics; Audit; Computer security; computer.software_genre; Audit trail; Digital evidence; 020204 information systems; 0202 electrical engineering, electronic engineering, information engineering; computer; Chain of custody |
| Source | TrustCom/BigDataSE/ICESS |
| DOI | 10.1109/trustcom/bigdatase/icess.2017.299 |
| Description | During forensic database investigations, audit records become a crucial evidential element, particularly when certain events can be attributed to insider activity. However, traditional reactive forensic methods may not be suitable, urging the adoption of proactive approaches that can be used to ensure accountability through audit records whilst satisfying Chain of Custody (CoC) requirements for forensic purposes. In this paper, role segregation, evidence provenance, event timeliness and causality are considered as CoC requirements in order to implement a forensically ready architecture for the proactive generation, collection and preservation of database audit records that can be used as digital evidence for the investigation of insider activity. Our proposal implements triggers and stored procedures as forensic routines in order to build a vector-clock-based timeline for explaining causality in transactional events recorded in audit tables. We expect to encourage further work in the field of proactive digital forensics and forensic readiness; in particular, for justifying admissibility of audit records under CoC restrictions. |
| Database | OpenAIRE |
| External link | |