
Forensic Analysis of Database Tampering



Presentation Transcript


  1. Forensic Analysis of Database Tampering. Raul Quinonez, CS 4398 Digital Forensics, 10/25/13

  2. Introduction
     • How to detect tampering?
     • What data has been tampered?
     • Who did it via forensic analysis?

  3. Tamper Detection
     • Cryptographic Hashing functions
     • Normal Processing Phase
     • Digital Normalization Service

  4. Temporal Detection
     • Each transaction is hashed
     • Identify corrupted stored data transactions
     • Focus on original time of transaction and time of corrupted transaction
     • Several corrupted tuples: multi-locus
     • Single corrupted tuple: single-locus

  5. Corruption Diagram

  6. Forensic Analysis
     • Monochromatic
       • Cumulative hash chains (black)
     • RGBY
       • Three types of chains (red, green, blue)
     • Tiled Bitmap
       • Tiles of chains over continuous data segments
     • a3D Algorithm
       • Partial hash chains change with transaction time

  7. Monochromatic Corruption Diagram

  8. RGBY Corruption Diagram

  9. Tiled Bitmap Corruption Diagram

  10. a3D Algorithm

  11. Forensic Algorithm Comparison
     • Tiled bitmap is the cheapest
     • Monochromatic is the easiest to implement
     • RGBY is the best option for larger corruption cases
     • a3D Algorithm has a constant cost

  12. Conclusion
     • How, what and who?
     • Forensic Algorithms
     • Comparison of algorithms

  13. References • Kyri Pavlou and Richard T. Snodgrass, "Forensic Analysis of Database Tampering," in Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD), pages 109-120, Chicago, June, 2006.
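
A simplified sketch of the cumulative ("black") hash chain idea from slides 4 and 6, added here as an illustration and not taken from the presentation or the cited paper: every transaction is hashed into a running chain, the chain value is saved outside the database at fixed intervals, and a later check binary-searches those saved values to bound where the corruption sits. The function names, the use of SHA-256, the interval of three transactions and the sample records are assumptions.

```python
import hashlib

def notarized_marks(transactions, every):
    """Cumulative hash chain; keep the chain value after each `every` transactions."""
    link, marks = b"\x00" * 32, []
    for count, tx in enumerate(transactions, 1):
        # Each link covers this transaction and, through `link`, all earlier ones.
        link = hashlib.sha256(link + repr(tx).encode()).digest()
        if count % every == 0:
            marks.append(link)   # value that would be sent to the external service
    return marks

def locate_tampering(current, notarized, every):
    """Return (first, last) transaction positions of the earliest interval whose
    recomputed chain value disagrees with the notarized one, or None if all agree."""
    recomputed = notarized_marks(current, every)

    def agrees(i):
        return i < len(recomputed) and recomputed[i] == notarized[i]

    if all(agrees(i) for i in range(len(notarized))):
        return None
    # The chain is cumulative, so every mark after the first bad one also fails:
    # the failure pattern is monotone and can be binary-searched.
    lo, hi = 0, len(notarized) - 1
    while lo < hi:
        mid = (lo + hi) // 2
        if agrees(mid):
            lo = mid + 1
        else:
            hi = mid
    return (lo * every, lo * every + every - 1)

# Constructed sample data: (transaction id, account, amount).
TXS = [(i, f"acct-{i % 4}", 100 + i) for i in range(12)]
EVERY = 3
NOTARIZED = notarized_marks(TXS, EVERY)   # held outside the database

if __name__ == "__main__":
    edited = list(TXS)
    edited[7] = (7, "acct-3", 9999)          # one tuple changed after the fact
    print(locate_tampering(TXS, NOTARIZED, EVERY))       # None
    print(locate_tampering(edited, NOTARIZED, EVERY))    # (6, 8)
    print(locate_tampering(TXS[:4] + TXS[5:], NOTARIZED, EVERY))  # (3, 5)
```

Only transactions already covered by a saved chain value are checked; anything written after the last saved value is outside what this sketch can vouch for.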
