Browser unable to execute script; please use the site map to navigate the site.

Assembling the Metadata for a Database Forensic Examination

Beyers, Olivier, and Hancke


(Citation)Citation information

H. Beyers, M. S. Olivier, and G. P. Hancke. “Assembling the Metadata for a Database Forensic Examination”. In: Advances in Digital Forensics VII. Ed. by G. Peterson and S. Shenoi. Springer, 2011, pp. 89–99


Since information is often a primary target in a computer crime, organizations that store their information in database management systems (DBMSs) must develop a capability to perform database forensics. This paper describes a database forensic method that transforms a DBMS into the required state for a database forensic investigation. The method segments a DBMS into four abstract layers that separate the various levels of DBMS metadata and data. A forensic investigator can then analyze each layer for evidence of malicious activity. Tests performed on a compromised PostgreSQL DBMS demonstrate that the segmentation method provides a means for extracting the compromised DBMS components.

(Authoritative version on publisher's site)Definitive version

The definitive version of the paper is available from the publisher.
DOI: 10.1007/978-3-642-24212-0_7

(BibTeX record)BibTeX reference

author={Hector Beyers and Martin S Olivier and Gerhard P Hancke},
title={Assembling the Metadata for a Database Forensic Examination},
booktitle={Advances in Digital Forensics {VII}},
editor={Gilbert Peterson and Sujeet Shenoi},
pages={89--99} )