Forensic Analysis of Database Tampering
DESCRIPTION
Forensic Analysis of Database Tampering. Raul Quinonez, CS 4398 Digital Forensics, 10/25/13. Introduction. How to detect tampering? What data has been tampered with? Who did it via forensic analysis? Tamper Detection. Cryptographic Hashing functions. Normal Processing Phase.
Raul Quinonez
CS 4398 Digital Forensics
10/25/13
How to detect tampering?
What data has been tampered with?
Who did it via forensic analysis?
Cryptographic Hashing functions
Normal Processing Phase
Digital Notarization Service
Each transaction is hashed
Identify corrupted stored data transactions
Focus on original time of transaction and time of corrupted transaction
Several corrupted tuples: multi-locus
Single corrupted tuple: single-locus
Monochromatic: Cumulative hash chains (black)
RGBY: Three types of chains (red, green, blue)
Tiled Bitmap: Tiles of chains over continuous data segments
a3D Algorithm: Partial hash chains change with transaction time
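The cumulative ("monochromatic") chain with periodic notarization, as an added example that is not part of the original slides. SHA-256, the in-memory notary list (assumed out of the intruder's reach) and all function names are assumptions made for illustration.

```python
import hashlib

GENESIS = b"\x00" * 32  # assumed starting value of the chain

def extend(chain: bytes, txn) -> bytes:
    """Fold one (commit_time, payload) transaction into the cumulative hash."""
    commit_time, payload = txn
    return hashlib.sha256(chain + f"{commit_time}|{payload}".encode()).digest()

def notarize(log, interval):
    """Normal processing phase: hash every transaction into one chain and
    lodge the chain value with the notary after every `interval` transactions."""
    notary, chain = [], GENESIS
    for count, txn in enumerate(log, start=1):
        chain = extend(chain, txn)
        if count % interval == 0:
            notary.append((count, chain))
    return notary

def validate(log, notary):
    """Recompute the chain over the stored log. Return None if every notarized
    value matches, else (lo, hi): the 0-based index range [lo, hi) between the
    last good and first bad notarization, which holds the earliest corruption."""
    chain, last_good, pos = GENESIS, 0, 0
    for count, expected in notary:
        for txn in log[pos:count]:
            chain = extend(chain, txn)
        pos = count
        if chain != expected:
            return (last_good, count)
        last_good = count
    return None

# Constructed sample data: 12 transactions, notarized every 4.
SAMPLE_LOG = [(1000 + i, f"credit account {i}") for i in range(12)]

if __name__ == "__main__":
    notary = notarize(SAMPLE_LOG, 4)
    print("clean log:", validate(SAMPLE_LOG, notary))
    tampered = list(SAMPLE_LOG)
    tampered[5] = (tampered[5][0], "credit account 9999")   # single-locus
    print("one tuple altered:", validate(tampered, notary))
    tampered[10] = (tampered[10][0], "credit account 0")    # second locus
    print("two tuples altered:", validate(tampered, notary))
```

Because the chain is cumulative, every notarization after the first mismatch also fails, so a single chain bounds only the earliest corruption; a second altered tuple later in the log yields the same answer.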
Tiled bitmap is the cheapest
Monochromatic is the easiest to implement
RGBY is the best option for larger corruption cases
a3D Algorithm has a constant cost
How, what and who?
Forensic Algorithms
Comparison of algorithms
Kyri Pavlou and Richard T. Snodgrass, "Forensic Analysis of Database Tampering," in Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD), pages 109-120, Chicago, June, 2006.