Forensic attribution challenges during forensic examinations of databases

Dissertation (MSc)--University of Pretoria, 2018.

Bibliographic Details
Other Authors: Olivier, Martin S.
Format: Thesis
Published: University of Pretoria 2019
_version_ 1867613436954804224
access_status_str Open Access
author2 Olivier, Martin S.
author_browse Olivier, Martin S.
author_facet Olivier, Martin S.
collection Thesis
dc_rights_str_mv © 2019 University of Pretoria. All rights reserved. The copyright in this work vests in the University of Pretoria. No part of this work may be reproduced or transmitted in any form or by any means, without the prior written permission of the University of Pretoria.
description Dissertation (MSc)--University of Pretoria, 2018.
format Thesis
id oai:repository.up.ac.za:2263/72738
institution University of Pretoria (South Africa)
last_indexed 2026-06-10T12:36:07.570Z
license_str Other — see source repository
provenance_str_mv Harvested via OAI-PMH from UPSpace — University of Pretoria Institutional Repository
publishDate 2019
publishDateRange 2019
publishDateSort 2019
publisher University of Pretoria
publisherStr University of Pretoria
record_format dspace
source_str UPSpace — University of Pretoria Institutional Repository
spelling oai:repository.up.ac.za:2263/72738 Forensic attribution challenges during forensic examinations of databases Olivier, Martin S. u95083512@tuks.co.za Hauger, Werner Karl UCTD Digital Forensics Database Forensics Forensic Attribution Database Triggers Relational Databases NoSQL Databases Engineering, built environment and information technology theses SDG-09 Engineering, built environment and information technology theses SDG-16 Dissertation (MSc)--University of Pretoria, 2018. An aspect of database forensics that has not yet received much attention in the academic research community is the attribution of actions performed in a database. When forensic attribution is performed for actions executed in computer systems, it is necessary to avoid incorrectly attributing actions to processes or actors. This is because the outcome of forensic attribution may be used to determine civil or criminal liability. Therefore, correctness is extremely important when attributing actions in computer systems, also when performing forensic attribution in databases. Any circumstances that can compromise the correctness of the attribution results need to be identified and addressed. This dissertation explores possible challenges when performing forensic attribution in databases. What can prevent the correct attribution of actions performed in a database? The first identified challenge is the database trigger, which has not yet been studied in the context of forensic examinations. Therefore, the dissertation investigates the impact of database triggers on forensic examinations by examining two sub-questions. Firstly, could triggers, due to their nature, combined with the way databases are forensically acquired and analysed, lead to the contamination of the data that is being analysed? Secondly, can the current attribution process correctly identify which party is responsible for which changes in a database where triggers are used to create and maintain data?
The second identified challenge is the lack of access and audit information in NoSQL databases. The dissertation thus investigates how the availability of access control and logging features in databases impacts forensic attribution. The database triggers, as defined in the SQL standard, are studied together with a number of database trigger implementations. This is done in order to establish which aspects of a database trigger may have an impact on digital forensic acquisition, analysis and interpretation. Forensic examinations of relational and NoSQL databases are evaluated to determine what challenges the presence of database triggers poses. A number of NoSQL databases are then studied to determine the availability of access control and logging features. This is done because these features leave valuable traces for the forensic attribution process. An algorithm is devised, which provides a simple test to determine if database triggers played any part in the generation or manipulation of data in a specific database object. If the test result is positive, the actions performed by the implicated triggers will have to be considered in a forensic examination. This dissertation identified a group of database triggers, classified as non-data triggers, which have the potential to contaminate the data in popular relational databases by inconspicuous operations, such as connection or shutdown. It also established that database triggers can influence the normal flow of data operations. This means what the original operation intended to do, and what actually happened, are not necessarily the same. Therefore, the attribution of these operations becomes problematic and incorrect deductions can be made. Accordingly, forensic processes need to be extended to include the handling and analysis of all database triggers. This enables safer acquisition and analysis of databases and more accurate attribution of actions performed in databases.
This dissertation also established that popular NoSQL databases either lack sufficient access control and logging capabilities or do not enable them by default to support attribution to the same level as in relational databases. bs2026 Computer Science MSc Unrestricted SDG-09: Industry, innovation and infrastructure SDG-16: Peace, justice and strong institutions 2019-12-13T08:07:55Z 2019-12-13T08:07:55Z 2019/09/03 2018 Dissertation Hauger, WK 2018, Forensic attribution challenges during forensic examinations of databases, MSc Dissertation, University of Pretoria, Pretoria, viewed yymmdd <http://hdl.handle.net/2263/72738> S2019 http://hdl.handle.net/2263/72738 © 2019 University of Pretoria. All rights reserved. The copyright in this work vests in the University of Pretoria. No part of this work may be reproduced or transmitted in any form or by any means, without the prior written permission of the University of Pretoria. application/pdf University of Pretoria
spellingShingle UCTD
Digital Forensics
Database Forensics
Forensic Attribution
Database Triggers
Relational Databases
NoSQL Databases
Engineering, built environment and information technology theses SDG-09
Engineering, built environment and information technology theses SDG-16
Forensic attribution challenges during forensic examinations of databases
title Forensic attribution challenges during forensic examinations of databases
title_full Forensic attribution challenges during forensic examinations of databases
title_fullStr Forensic attribution challenges during forensic examinations of databases
title_full_unstemmed Forensic attribution challenges during forensic examinations of databases
title_short Forensic attribution challenges during forensic examinations of databases
title_sort forensic attribution challenges during forensic examinations of databases
topic UCTD
Digital Forensics
Database Forensics
Forensic Attribution
Database Triggers
Relational Databases
NoSQL Databases
Engineering, built environment and information technology theses SDG-09
Engineering, built environment and information technology theses SDG-16
url http://hdl.handle.net/2263/72738