A Forensic Framework for gathering and analyzing Database Systems using Blockchain Technology

Authors

  • Ahmed Omar Alzahrani Department of Information Systems and Technology, College of Computer Science and Engineering, University of Jeddah, Jeddah 21493, Saudi Arabia
  • Mahmoud Ahmad Al-Khasawneh School of Computing, Skyline University College, University City Sharjah, 1797, Sharjah, UAE | Applied Science Research Center, Applied Science Private University, Amman, Jordan | Jadara University Research Center, Jadara University, Jordan
  • Ala Abdulsalam Alarood College of Computer Science and Engineering, University of Jeddah, 21959 Jeddah, Saudi Arabia
  • Eesa Alsolami College of Computer Science and Engineering, University of Jeddah, 21959 Jeddah, Saudi Arabia
Volume: 14 | Issue: 3 | Pages: 14079-14087 | June 2024 | https://doi.org/10.48084/etasr.7143

Abstract

A blockchain is a distributed database that contains the records of transactions shared among all members of a community. A majority of members must confirm each transaction, which prevents fraudulent transactions from being accepted. As a rule, once a record is created and accepted by the blockchain, it cannot be altered or deleted by anyone. This study focuses on improving the investigation task in the database forensics field by utilizing blockchain technology. To this end, a novel conceptual framework is proposed for the forensic analysis of data from database systems using blockchain technology. This is the first time that blockchain technology has been applied in database forensics for the purpose of tracing digital evidence. The design science research method was adopted to accomplish the objectives of the present study. The findings showed that, with the developed forensics framework, data regarding database incidents could be gathered and analyzed more efficiently.

Keywords:

database systems, digital forensics, database forensics, design science research, blockchain technology

How to Cite

[1]
A. O. Alzahrani, M. A. Al-Khasawneh, A. A. Alarood, and E. Alsolami, “A Forensic Framework for gathering and analyzing Database Systems using Blockchain Technology”, Eng. Technol. Appl. Sci. Res., vol. 14, no. 3, pp. 14079–14087, Jun. 2024.

Metrics

Abstract Views: 168
PDF Downloads: 143
