Indonesian Journal of Electrical Engineering and Computer Science
Vol. 1, No. 2, February 2016, pp. 406 ~ 410
DOI: 10.11591/ijeecs.v1.i2.pp406-410
Received August 11, 2015; Revised November 24, 2015; Accepted December 15, 2015

Information Base Security Threats and Challenges' in Information Forensic: A Survey

Dilip Kumar Barai*, G. Sridevi, Syed umar, MSR Prasad
Dept. of CSE, KL University, Vaddeswaram, Guntur, India
*Corresponding author, email: dilipkumarb7@gmail.com

Abstract
Generally, to store the information of any organization, an information base is maintained, and to manage that information base we use management techniques such as information base management systems, so called DBMS. In this paper we introduce the relational DBMS, which is a collection of applications that can store various information and allows it to be easily retrieved, manipulated and stored. We concentrate on forensic analysis and its information base, which holds very sensitive information. In this paper we analyze and survey forensic information bases using various methodologies, with different tools and algorithms for investigations, through which we identify the challenges that forensic information bases have been facing over the years.

Keywords: DBMS, RDBMS, forensic Information tools.

Copyright © 2016 Institute of Advanced Engineering and Science. All rights reserved.

1. Introduction
The main concern of this paper is how security is maintained for the information base used by the forensic department. If any misuse of it occurs, judgment will not be given against the accused people who committed the crime. The confidential information stored in the information base is exposed to a number of independent risks, so issues such as identity theft and audit failures will occur. These happen for reasons such as: 1) financial constraints, 2) lack of understanding of threats, 3) little interdepartmental cooperation, 4) no connection between IT operations and executive programs, 5) lack of security in the information base processes and procedures, etc. The forensic department stores victims' information and related information; if any misuse occurs, there will be a lack of evidence to support a conviction.
To avoid such attacks, the relational DBMS plays a major role in guarding against them. In this paper we analyze some difficult attacks that cannot be detected easily, and new approaches are introduced for how the evidence can be captured and produced at the jurisdiction.

2. Interlope and Forensic Aspects of an Information Base
Information base servers implement many mechanisms to authenticate and authorize users. These standard approaches are regulated and supported by the Government, and some federal regulations [1] also require securing the systems against various hackers, since the forensic department maintains information such as the medical information of victims. That information has to be stored as highly confidential in the relational DBMS. The forensic department should therefore keep the information secure, and we have to check whether any changes have been made to it by anyone else [2]. Interlope of any information base by an authorized or unauthorized user can be easily detected by algorithms such as tiled bitmap forensic analysis.
To examine the forensic aspects of an information base, Martin S. Olivier [2] considered some main points, which consist of the external, conceptual and internal approaches to forensic examination. The following things have to be considered while the forensic investigation is going on.
a) Initially check the difference between the information layer and the conceptual layer. The information layer may be the target of an attack that destroys or makes subtle changes in the information dictionary.
b) The information dictionary also contains information that may itself be of forensic interest. The external technique defines the information to be provided to a specific user.
c) At the time of forensic investigation, the various views generated for various users by different schemas may be appropriate. The number of such external schemas depends only on the information base considered.
d) The OS management of the files used for the physical layer is also to be considered.
Thus Martin S. Olivier considers the original ANSI/SPARC architecture (SIGMOD Record, 1982), which specified 42 interfaces between various components, to explore information base forensics.
1) The level of logging should provide enough information for investigation.
2) Restoration of information that was partially destroyed, and is only partially recovered, undergoes a forensic capture process.
3) A combination of both detailed logs and Mental formation may lead to determining who was authorized to perform a certain action, and that can be used as the basis for attribution.

3. Interpolation Detection Approaches
3.1. Cryptography Based Forensic Information Base Algorithms
A new improvised version of cryptographically strong one-way hash functions can prevent a hacker from disturbing the information in the information base [3]. A module called notarize is used, which sends the hash value as a digital document to a service that performs the notarization functions; through this we get the notary id. The notary id, along with the hash values, is stored in a smaller information base [4]. Obtaining the notary id is shown in Figure 1 below.

Figure 1. Obtaining of notary id through the normal and audit operations: (a) Normal operation, (b) Audit log validation

A secure master information base exists in a different physical location from the secured information base and is under audit. The validity of the master information base should be checked: the validator rescans the information in the information base, hashes the scanned information, and sends the new hash value with the previous id to the notarization service, which performs the check. Using this notary id, it checks whether the previous hash value and the new value are the same; if they are not, the information base has been compromised. Some algorithms have been implemented [1-3] to check whether any tampering of the information has occurred.
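
The notarize-then-validate cycle described above, as an added example (not code from the paper or from the cited work). The `NotarizationService` class, the row layout and the choice of SHA-256 are assumptions made for illustration; the sample rows are constructed.

```python
import hashlib
import itertools


class NotarizationService:
    """Stand-in for the external notary: stores each hash under a fresh notary id."""

    def __init__(self):
        self._ids = itertools.count(1)
        self._records = {}              # notary id -> notarized hash value

    def notarize(self, digest: str) -> int:
        notary_id = next(self._ids)
        self._records[notary_id] = digest
        return notary_id

    def matches(self, notary_id: int, digest: str) -> bool:
        return self._records.get(notary_id) == digest


def hash_rows(rows) -> str:
    """SHA-256 over the rows in order, each field length-prefixed."""
    h = hashlib.sha256()
    for row in rows:
        for field in row:
            data = str(field).encode()
            h.update(len(data).to_bytes(4, "big") + data)
    return h.hexdigest()


def validate(rows, notary_id, service) -> bool:
    """Validator step: rescan, rehash, and ask the notary to compare."""
    return service.matches(notary_id, hash_rows(rows))


def demo():
    service = NotarizationService()
    # Constructed sample rows: (case id, victim record, examiner)
    rows = [(17, "blood type A+", "alice"), (18, "fracture, left arm", "bob")]
    notary_id = service.notarize(hash_rows(rows))       # normal operation
    untouched = validate(rows, notary_id, service)      # audit: no change
    tampered = list(rows)
    tampered[0] = (17, "blood type O-", "alice")        # out-of-band edit
    return untouched, validate(tampered, notary_id, service)
```

The comparison only has evidential value because the notarized hash is held outside the audited information base, where someone who can edit the rows cannot also rewrite the stored hash.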

3.2. Detection of Tampered Forensic of the Audit Logging
The detection and localization [5] of tampering in forensic audit logging in SQL Server is described by Amit Basu. He explains the creation of an interwoven chain of hash values, with the help of which it can be detected and determined whether any changes were made to the audit table. Any information inserted in the audit log is expected to remain intact. The information in the audit log is thus protected and authenticated through the SQL server. The tamper detection logic can be applied to an audit trail information base that has two independent tables, the Audit table and the Audit user table, which are located in the same application. Two special columns, called HReserved and VReserved, protect the audit log table; they are shown in Figure 2 below.
1) HReserved stores the row hash values.
2) VReserved stores the column hash values, and it also contains a hash value based on the HReserved values of the current row and the last two rows.
This method has various advantages, but it also suffers from some limitations, such as non-cryptographically strong hash functions and detection of forensic algorithm.

Figure 2. Detection and protection of audit log
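
The HReserved and VReserved columns described above, as an added example that is not Basu's code or the paper's: HReserved is computed per row and VReserved over the HReserved values of the current row and the previous two rows. The table layout, field names, constructed sample rows and the use of HMAC-SHA256 with a key held outside the database are assumptions; the column-hash part of VReserved is left out.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: secret kept outside the audited database


def _mac(*parts: str) -> str:
    """HMAC-SHA256 over length-prefixed fields, so field boundaries are unambiguous."""
    h = hmac.new(KEY, digestmod=hashlib.sha256)
    for p in parts:
        data = p.encode()
        h.update(len(data).to_bytes(4, "big") + data)
    return h.hexdigest()


def append_row(table: list, user: str, action: str) -> None:
    """Append an audit row, filling HReserved (row hash) and VReserved (chain hash)."""
    seq = len(table) + 1
    h_res = _mac(str(seq), user, action)
    prev = [r["HReserved"] for r in table[-2:]]      # HReserved of the last two rows
    v_res = _mac(*prev, h_res)
    table.append({"seq": seq, "user": user, "action": action,
                  "HReserved": h_res, "VReserved": v_res})


def verify(table: list) -> list:
    """Return (position, column) pairs where a stored hash no longer matches."""
    findings = []
    for i, row in enumerate(table):
        expected_h = _mac(str(row["seq"]), row["user"], row["action"])
        if not hmac.compare_digest(row["HReserved"], expected_h):
            findings.append((i, "HReserved"))
        prev = [r["HReserved"] for r in table[max(0, i - 2):i]]
        if not hmac.compare_digest(row["VReserved"], _mac(*prev, row["HReserved"])):
            findings.append((i, "VReserved"))
    return findings


def demo():
    log = []
    for user, action in [("alice", "SELECT case_17"), ("bob", "UPDATE case_17"),
                         ("carol", "SELECT case_18"), ("bob", "DELETE evidence_4"),
                         ("alice", "SELECT case_19")]:
        append_row(log, user, action)
    edited = [dict(r) for r in log]
    edited[3]["action"] = "SELECT evidence_4"        # in-place edit of one row
    deleted = [dict(r) for r in log[:1] + log[2:]]   # second row removed
    return verify(log), verify(edited), verify(deleted)
```

An in-place edit is localized by the row's own HReserved, while a deleted row shows up as VReserved mismatches on the two rows that followed it, which is what lets an examiner bound where the gap is.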

3.3. Investigation and Artifacts of Information Base
How to collect the information base artifacts that are most relevant to an information base investigation, analyze them, find the intrusion in the information base, and retrace it within the server is clearly explained by Kevvie Fowler [6, 7]. The various SQL Server artifacts are classified into two types. They are:
1) Resident Artifacts
2) Non Resident Artifacts
Resident artifacts reside in the files and memory locations reserved for SQL Server. Non-resident artifacts reside within files that are not explicitly reserved for SQL Server use. Figure 3 below shows the key artifacts.

Figure 3. The SQL Artifacts

Each of the artifacts is explained in the figure below, which is comprised of five types, according to how they benefit an investigation. Each artifact has its own way. The table below shows the categories of SQL [8] artifacts and their primary objective within the investigation.

Table 1. Artifacts differentiation and its explanation

4. Conclusion
In this paper we explained how information base security should be maintained using some algorithms. Especially in the forensic department, the security of the server and the information base should be very high, since misuse of victims' medical information may lead to the escape of the accused from the jurisdiction. Different interpolation techniques are used to determine whether any information is encrypted or not, and various approaches are discussed in this paper.

References
[1] KE Pavlou, RT Snodgrass. The Tiled Bitmap Forensic Analysis Algorithm. IEEE Transactions on Knowledge and Information Engineering. 2010; 22(4): 590-601.
[2] Martin S Olivier. On misinformation context in Information base Forensics. Digital Investigation Volume. 2009; 5(3-4): 115-123.
[3] Kyriacos Pavlou, Richard T Snodgrass. Forensic Analysis of Information base Tampering. International Conference on Management of Information, Proceedings of the ACM SIGMOD International Conference on Management of Information, SESSION: Authentication. 2006: 109-120.
[4] M Malmgren. An Infrastructure for Information base Tamper Detection and Forensic Analysis. Honors thesis. Univ. of Arizona. 2009.
[5] Article by A. Basu. Forensic Tamper Detection in SQL Server. 2006. http://www.sqlsecurity.com/images/tamper/tamperdetection.html
[6] Kevvie Fowler. SQL Server Forensic Analysis. ISBN: 9780321533203.
[7] http://www.applicationforensics.com/research/microsoft/sql-server/sql-2000-2005-2008
[8] Paul M Wright. Oracle Information base Forensics using LogMiner. Conference, SANS Institute. 2005.