The effective method of database server forensics on the enterprise environment

Namheun Son, Keungi Lee, Sangjun Jeon, Sangjin Lee, Changhoon Lee

Research output: Contribution to journal, Article

1 Citation (Scopus)

Abstract

When a forensic investigation is carried out in an enterprise environment, most of the important data are stored in database servers, and the data stored in them are very important elements of the investigation. There are more than 10 kinds of database servers holding such data, such as SQL Server and Oracle. All methods of investigating a database system are important, but this study suggests a single methodology intended to investigate all database systems while considering the unique characteristics of each. A method of detecting a server and acquiring and investigating the data in it can be used effectively for such an investigation in an enterprise environment. In existing investigations of server systems, servers must be shut down and disk imaging conducted first. However, such a method may inflict great losses on the company in some cases. That is why a method is needed to acquire the data of a server while it is online, and this study discusses such a method. In addition, on the basis of this methodology, this study attempts to determine whether the new forensic investigation method can be used in practice by applying it directly to SQL Server and MySQL databases.

Original language: English
Pages (from-to): 1086-1093
Number of pages: 8
Journal: Security and Communication Networks
Volume: 5
Issue number: 10
Publication status: Published - 2012 Oct

Keywords

  • Database server
  • Enterprise
  • Forensic
  • Network topology

ASJC Scopus subject areas

  • Information Systems
  • Computer Networks and Communications
