Using the structure of B+-trees for enhancing logging mechanisms of databases

Today's database management systems implement sophisticated access control mechanisms to prevent unauthorized access and modifications. This is, for example, an important basic requirement for SOX (Sarbanes-Oxley Act) compliance, whereby every past transaction has to be traceable at any time. However, malicious database administrators may still be able to bypass the security mechanisms to make hidden modifications to the database. In this paper we define a novel signature of a B+-Tree, a widely used storage structure in database management systems, and propose using it to support logging in databases. This additional logging mechanism is especially useful in combination with forensic techniques that directly target the underlying tree structure of an index. The applicability of the approach is demonstrated by proposing techniques for applying this signature in the context of digital forensics on B+-Trees.
