Database Forensics

Database forensics is a computer science term referring to the forensic study of databases.
Definition of computer forensics: “Gathering and analyzing data in a manner as free from distortion or bias as possible to reconstruct data or what has happened in the past on a system.” (Farmer and Venema, 1999, Appendix B: Data Gathering and the Order of Volatility, http://www.porcupine.org/forensics/forensic-discovery/appendixB.html)

Computer forensics principles can be applied to a database, which is a persistent data store, often relational. For example, the timestamps that record the update time of a row in a relational table can be inspected and tested for validity in order to verify the actions of a database user. Additionally, copies of database evidence can be made in order to preserve that evidence for future presentation during a legal process.
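The two checks described above, as an added example that is not part of the original article: row update times are validated against an audit trail, and a copy of the database is written out and hashed so later alteration can be detected. It uses SQLite from the Python standard library in place of a server database; the `accounts` and `audit_log` tables, their columns and all sample rows are constructed for illustration.

```python
import hashlib
import sqlite3
from datetime import datetime, timedelta

def build_sample_db():
    """Constructed sample data: a table with row update times plus an audit trail."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE accounts (id INTEGER PRIMARY KEY, balance INTEGER,
                               updated_at TEXT, updated_by TEXT);
        CREATE TABLE audit_log (row_id INTEGER, db_user TEXT, logged_at TEXT);
        INSERT INTO accounts VALUES
            (1, 100,  '2024-03-01T10:00:05', 'alice'),
            (2, 9999, '2024-03-01T10:05:00', 'bob'),
            (3, 50,   '2024-03-09T08:00:00', 'alice');
        INSERT INTO audit_log VALUES
            (1, 'alice', '2024-03-01T10:00:04'),
            (2, 'carol', '2024-03-01T10:05:01');
    """)
    return conn

def find_timestamp_anomalies(conn, acquired_at, tolerance=timedelta(seconds=5)):
    """Return (row id, reason) for each row whose update time cannot be validated."""
    findings = []
    rows = conn.execute("SELECT id, updated_at, updated_by FROM accounts ORDER BY id")
    for row_id, updated_at, user in rows.fetchall():
        ts = datetime.fromisoformat(updated_at)
        if ts > acquired_at:  # a row cannot change after the evidence was taken
            findings.append((row_id, "update time is later than acquisition time"))
            continue
        audit = conn.execute("SELECT db_user, logged_at FROM audit_log WHERE row_id = ?",
                             (row_id,)).fetchall()
        # Audit entries for this row recorded close to the claimed update time
        near = [u for u, t in audit if abs(datetime.fromisoformat(t) - ts) <= tolerance]
        if not near:
            findings.append((row_id, "no audit entry near update time"))
        elif user not in near:
            findings.append((row_id, "audit trail names a different user"))
    return findings

def sha256_file(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def preserve_copy(conn, path):
    """Write a copy of the database to path and return its SHA-256 digest."""
    dest = sqlite3.connect(path)
    conn.backup(dest)
    dest.close()
    return sha256_file(path)
```

Recording the digest returned by `preserve_copy` at acquisition time and recomputing it with `sha256_file` before analysis shows whether the preserved copy has changed.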

The science of database forensics is partly directed by the legal controls on information systems. These legal controls are most relevant in the UK and US.
1. Computer Fraud and Abuse Act, 18 U.S.C. §1030 - Network Crimes
2. Wiretap Act, 18 U.S.C. §2511 - Wiretapping and Snooping
3. Privacy Act, 18 U.S.C. 2701 - Electronic Communications
4. Sarbanes Oxley section 404 – enforce financial standards to limit chance of fraud (Sarbanes-Oxley Implementation Central, http://thecaq.aicpa.org/Resources/Sarbanes+Oxley/).
5. HIPAA – Health and Portability Act (http://www.cms.hhs.gov/hipaa/)
6. Fair Credit Reporting Act (FCRA) limits use and distribution of personal data, and allows consumers to access the information held about them (GAO-06-674 Personal Information: Key Federal Privacy Laws Do Not Require Information Resellers to Safeguard All Sensitive Data, http://www.gao.gov/new.items/d06674.pdf).
7. Gramm-Leach-Bliley - requires disclosure of privacy policies to customers and financial standards in general. These policies should restrict the passing on of non-public personal information and require this information to be safeguarded (CRA Amendments in the Gramm-Leach Act, http://banking.senate.gov/conf/grmleach.htm).
8. Financial Anti-Terrorism Act (H.R. 3004) of 2001 as part of the Patriot Act.
9. Basel II – Stipulates a relationship between the risk assessed for a bank and the amount of capital that needs to be set aside to balance that risk. Therefore Basel II provides a financial incentive for banks to reduce risk.
10. SB 1386 California Data Breach act.
11. New York Data Breach act – NY version of SB1386.
12. PCI Credit card security standard requires installation of patches (https://sdp.mastercardintl.com/pdf/pcd_manual.pdf): “6.1.1 Install relevant security patches within one month of release.” Credit card details in the database should also be encrypted (https://www.pcisecuritystandards.org/tech/index.htm).
13. Data Protection Act 1998 (UK)
14. Safe Harbor Act http://www.opsi.gov.uk/ACTS/acts1998/19980029.htm http://www.export.gov/safeharbor/
The above is an excerpt, with permission, from "Oracle Forensics In a Nutshell" (May 2007), www.databasesecurity.com/dbsec/OracleForensicsInANutshell.pdf.

Currently many database software tools are in general not reliable and precise enough to be used for forensic work, as demonstrated in the first paper published on database forensics (Oracle Database Forensics using LogMiner - GIAC Certified Student Practical, http://www.giac.org/certified_professionals/practicals/gcfa/0159.php). There is currently a single book published in this field (Oracle Forensics, May 2008, ISBN 0977671526), though more are destined to follow (Oracle Forensics Using Quisix, ISBN 047019118X, Dec 2008).

The forensic study of relational databases requires a knowledge of the standard used to encode data on the computer disk. Documentation of the standards used to encode information in well-known brands of database such as SQL Server and Oracle has been contributed to the public domain (SANS Institute - Forensic Analysis of a SQL Server 2005 Database Server, http://www.sans.org/reading_room/whitepapers/forensics/1906.php; Oracle Forensics and Incident Response - databasesecurity.com, http://www.databasesecurity.com/oracle-forensics.htm).

References

1. Farmer and Venema, 1999. http://www.porcupine.org/forensics/forensic-discovery/appendixB.html
2. Sarbanes Oxley section 404 – enforce financial standards to limit chance of fraud. http://thecaq.aicpa.org/Resources/Sarbanes+Oxley/
3. HIPAA – Health and Portability Act. http://www.cms.hhs.gov/hipaa/
4. Fair Credit Reporting Act (FCRA). http://www.gao.gov/new.items/d06674.pdf
5. "Oracle Forensics In a Nutshell", Paul M. Wright (May 2007). http://www.oracleforensics.com/wordpress/wp-content/uploads/2007/03/OracleForensicsInANutshell.pdf
6. Oracle forensics using LogMiner, Paul Wright, Jan 2005. http://www.giac.org/certified_professionals/practicals/gcfa/0159.php
7. Oracle Forensics, Paul Wright, Rampant Techpress, ISBN 0977671526, May 2008. http://www.rampant-books.com/book_2007_1_oracle_forensics.htm
8. Oracle Forensics Using Quisix, David Litchfield, ISBN 047019118X (Dec 2008). http://www.amazon.com/Oracle-Forensics-Using-Quisix-Litchfield/dp/047019118X
9. SQL Server Forensics, Kevvie Fowler, September 28, 2007. http://www.sans.org/reading_room/whitepapers/forensics/1906.php
10. Oracle Forensics series of 6 papers, David Litchfield, 2007. http://www.databasesecurity.com/oracle-forensics.htm


Wikimedia Foundation. 2010.
