The role of triggers in database forensics
Hauger and Olivier
2014
Citation information
W. K. Hauger and M. S. Olivier. “The role of triggers in database forensics”. In: Information Security South Africa 2014 (ISSA 2014). Johannesburg, South Africa, Aug. 2014
Abstract
An aspect of database forensics that has not received much attention in the academic research community yet is the presence of database triggers. Database triggers and their implementations have not yet been thoroughly analysed to establish what possible impact they could have on digital forensic analysis methods and processes. Conventional database triggers are defined to perform automatic actions based on changes in the database. These changes can be on the data level or the data definition level. Digital forensic investigators might thus feel that database triggers do not have an impact on their work. They are simply interrogating the data and metadata without making any changes. This paper attempts to establish if the presence of triggers in a database could potentially disrupt, manipulate or even thwart forensic investigations. The database triggers as defined in the SQL standard were studied together with a number of database trigger implementations. This was done in order to establish what aspects might have an impact on digital forensic analysis. It is demonstrated in this paper that some of the current database forensic analysis methods are impacted by the possible presence of certain types of triggers in a database. Furthermore, it finds that the forensic interpretation and attribution processes should be extended to include the handling and analysis of database triggers if they are present in a database.
Full text
A pre- or postprint of the publication is available at https://mo.co.za/open/trigger.pdf.
Definitive version
The definitive version of the paper is available from the publisher.
DOI: 10.1109/ISSA.2014.6950506
BibTeX reference
@inproceedings(trigger,
author={Werner K. Hauger and Martin S. Olivier},
title={The role of triggers in database forensics},
booktitle={Information Security South Africa 2014 (ISSA 2014)},
address={Johannesburg, South Africa},
month=aug,
year={2014} )