CIPM: Common identification process model for database forensics field

作     者：Alfadli, Ibrahim Ghabban, Fahad M Ameerbakhsh, Omair AbuAli, Amer Nizar Al-Dhaqm, Arafat Al-Khasawneh, Mahmoud Ahmad 

作者机构：College of Computer Science and Engineering Information system department Taibah University Madina Saudi Arabia Faculty of Engineering School of Computing University Technology Malaysia Johor Malaysia Faculty of Computer & Information Technology Al-Madinah International University Shah Alam Malaysia 

出 版 物：《arXiv》 (arXiv)

年 卷 期：2021年

核心收录：

主　　题：Database systems 

摘      要：Database Forensics (DBF) domain is a branch of digital forensics, concerned with the identification, collection, reconstruction, analysis, and documentation of database crimes. Different researchers have introduced several identification models to handle database crimes. Majority of proposed models are not specific and are redundant, which makes these models a problem because of the multidimensional nature and high diversity of database systems. Accordingly, using the metamodeling approach, the current study is aimed at proposing a unified identification model applicable to the database forensic field. The model integrates and harmonizes all exiting identification processes into a single abstract model, called Common Identification Process Model (CIPM). The model comprises six phases: 1) notifying an incident, 2) responding to the incident, 3) identification of the incident source, 4) verification of the incident, 5) isolation of the database server and 6) provision of an investigation environment. CIMP was found capable of helping the practitioners and newcomers to the forensics domain to control database crimes. © 2021, CC BY.