The importance of database forensics is increasing day by day as the use of databases to store sensitive corporate and personal data increases. Database forensics is a field of digital forensics that deals with database-related incidents such as data corruption, breaches, and leaks. One of the key functions of database forensics is information reconstruction, which is the tracing of actions from the time of an event to the present based on various information stored in the database. This feature allows investigators to identify unauthorized user actions and data deletion or manipulation when an incident occurs. Database log data is primarily used to reconstruct information. Database logs include transaction logs, error logs, event logs, and trace logs. Among them, we focus on the transaction log of Microsoft SQL Server (MSSQL), one of the most popular database management systems in the world. Raw-level studies have been conducted on the transaction logs of Oracle and MySQL, other databases used at the enterprise level. However, there is very little research on MSSQL transaction logs. For this reason, we analyze the internal structure of the MSSQL transaction log. Based on these findings, we present an empirical method to identify and extract transaction log records in the unallocated area.
This study proposes a memory-based forensic procedure for real-time recovery of deleted data in Microsoft SQL Server environments. This approach is particularly relevant for sensor-driven and embedded systems (such as those used in IoT gateways and edge computing platforms), where lightweight SQL engines store critical operational and measurement data locally and are vulnerable to insider manipulation. Traditional approaches to deleted data recovery have primarily relied on transaction log analysis or static methods involving the examination of physical files such as .mdf and .ldf after taking the database offline. However, these methods face critical limitations in real-time applicability and may miss volatile data that temporarily resides in memory. To address these challenges, this study introduces a methodology that captures key deletion event information through transaction log analysis immediately after data deletion and directly inspects memory-resident pages loaded in the server's Buffer Pool. By analyzing page structures in the Buffer Pool and cross-referencing them with log data, we establish a memory-driven forensic framework that enables both the recovery and verification of deleted records. In the experimental validation, records were deleted in a live SQL Server environment, and a combination of transaction log analysis and in-memory page inspection allowed for partial or full recovery of the deleted data. This demonstrates the feasibility of real-time forensic analysis without interrupting the operational database. The findings of this research provide a foundational methodology for enhancing the speed and accuracy of digital forensics in time-sensitive scenarios, such as insider threats or cyber intrusion incidents, by enabling prompt and precise recovery of deleted data directly from memory. These capabilities are especially critical in IoT environments, where real-time deletion recovery supports sensor data integrity, forensic traceability, and uninte
Database forensics is becoming more important for investigators with the increased use of information systems. Although various database forensic methods such as log analysis and investigation model development have been studied, among the database forensic methods, recovering deleted data is a key technique in database investigation for DB tampering and anti-forensics. Previous studies mainly focused on transaction or journal logs to recover deleted data, but if logs are set to be deleted periodically or logs containing critical evidence are overwritten by new logs, the log-based recovery method cannot be used practically. For this reason, an engine-based recovery method that analyzes the data file at a raw level has also been introduced. There is research to recover small-sized databases such as SQLite and EDB, but there is no prior work describing the structure of the data file and technology to recover deleted data of large databases used by enterprises or large organizations. In this context, we investigate Microsoft SQL Server (MSSQL), which is one of the most used large databases. Our method focuses on the storage engine of MSSQL. Through analyzing the storage engine, we identify the internal structure of MSSQL data files and the storage mechanism. Based on these findings, a method to recover tables and records is presented by empirical examination. It is compatible with various versions of MSSQL because it accesses data at the raw level. Our proposed method is verified by a comparative experiment with forensic tools implemented to recover deleted MSSQL data. The experimental results show that our method recovers all deleted records from the unallocated area. It recovers all data types including multimedia data, called Large Objects (LOB) in the database field. To contribute to the digital forensics community, we also provide the source code of the implementation; it facilitates the knowledge sharing of database forensics.
ISBN: (print) 9789881563804
For the development of dynamic web pages based on *** and SQL Server, a custom paging control is developed in order to improve the response speed of web pages when dealing with large amounts of data. By setting the properties of the paging control and writing a brief calling code, the paging function is realized.