Digital Forensics Readiness Framework (DFRF) to Secure Database Systems
Received: 21 February 2024 | Revised: 2 March 2024 | Accepted: 10 March 2024 | Online: 2 April 2024
Corresponding author: Ahmed Albugmi
Abstract
Database systems play a significant role in structuring, organizing, and managing the data of organizations. In this regard, the key challenge is how to protect the confidentiality, integrity, and availability of database systems against attacks launched from within and outside an organization. To resolve this challenge, different database security techniques and mechanisms, which generally involve access control, database monitoring, data encryption, database backups, and strong passwords, have been proposed. These techniques and mechanisms have been developed for certain purposes but fall short of many industrial expectations. This study used the design science research method to recommend a new Digital Forensic Readiness Framework, named DFRF, to secure database systems. DFRF involves risk assessments, data classification, database firewalls, data encryption, strong password policies, database monitoring and logging, data backups and recovery, incident response plans, forensic readiness, as well as education and awareness. The proposed framework not only identifies threats and responds to them more effectively than existing models, but also helps organizations stay fully compliant with regulatory requirements and improve their security. The design of the suggested framework was compared with existing models, confirming its superiority.
Keywords:
database systems, digital forensics, forensic readiness, design science method
License
Copyright (c) 2024 Ahmed Albugmi
This work is licensed under a Creative Commons Attribution 4.0 International License.