Browser unable to execute script; please use the site map to navigate the site.

Database Application Schema Forensics

Beyers, Olivier, and Hancke


(Citation)Citation information

H. Beyers, M. S. Olivier, and G. P. Hancke. “Database Application Schema Forensics”. In: South African Computer Journal 55 (2014)


The application schema layer of a Database Management System (DBMS) can be modified to deliver results that may warrant a forensic investigation. Table structures can be corrupted by changing the metadata of a database or operators of the database can be altered to deliver incorrect results when used in queries. This paper will discuss categories of possibilities that exist to alter the application schema with some practical examples. Two forensic environments are introduced where a forensic investigation can take place in. Arguments are provided why these environments are important. Methods are presented how these environments can be achieved for the application schema layer of a DBMS. A process is proposed on how forensic evidence should be extracted from the application schema layer of a DBMS. The application schema forensic evidence identification process can be applied to a wide range of forensic settings.

(Authoritative version on publisher's site)Definitive version

The definitive version of the paper is available from the publisher.
DOI: 10.18489/sacj.v55i0.188

(BibTeX record)BibTeX reference

author={Hector Beyers and Martin S Olivier and Gerhard P Hancke},
title={Database Application Schema Forensics},
journal={South African Computer Journal},
volume={55} )