Structural Limitations of B+-Tree forensics

Despite the importance of databases in virtually all data-driven applications, database forensics is still not the thriving topic it ought to be. Many database management systems (DBMSs) structure their data in the form of trees, most notably B+-Trees. Since the tree structure depends on the characteristics of the INSERT order, it can be used to generate information on later manipulations, as was shown in a previously published approach. In this work we analyse this approach and investigate whether it is possible to generalize it to detect DELETE operations within general INSERT-only trees. We subsequently prove that almost all forms of B+-Trees can be constructed solely by using INSERT operations, i.e. that this approach cannot be used to prove the existence of DELETE operations in the past.
