What is Database Forensics?

Dear Readers, in this edition I am trying to throw some light on database forensics. Please try to implement the few important things given in this article; I am sure they will help you all in your respective fields.

Database forensics is a computer science term referring to the forensic study of databases. It means gathering and analyzing data, in a manner as free from distortion or bias as possible, to reconstruct data or what has happened in the past on a system. Computer forensics principles can be applied to a database, which is a persistent data store, often relational. For example, the timestamps that record the update time of a row in a relational table can be inspected and tested for validity in order to verify the actions of a database user. Additionally, copies of database evidence can be made in order to preserve that evidence for future presentation during a legal process. The forensic study of relational databases requires knowledge of the standard used to encode data on the computer disk. Documentation of the standards used to encode information in well-known database products such as SQL Server and Oracle has been contributed to the public domain.

According to one recent Forrester study, 80 percent of data security breaches involve insiders: employees or others with internal access to an organization, which puts information at risk. The big challenge for companies today, particularly as email and the Internet make sharing and distributing corporate information easier than ever, is to strike the right balance between providing workers with appropriate access and protecting sensitive information as much as possible. For example, database users traditionally are assigned a database administrator (DBA) role or granted multiple system privileges. As well, DBAs enjoy unbridled system access in order to manage companies' IT infrastructure 24/7 and to respond to emergency situations.
As companies continue to consolidate databases and streamline operations to maximize efficiency and the protection of data from external threats, this user- and role-based security model no longer complies with "need-to-know" security best practices. Nor does the model meet SOX or PIPEDA regulatory requirements for adequate protection of data privacy. Today, to help ensure the safety, integrity and privacy of corporate information, more companies are pursuing a comprehensive, multi-factored security approach.

Database security is the set of systems, processes, and procedures that protect a database from unintended activity. Unintended activity can be categorized as authenticated misuse, malicious attacks, or inadvertent mistakes made by authorized individuals or processes. Database security is also a specialty within the broader discipline of computer security. Traditionally, databases have been protected from external connections by firewalls or routers on the network perimeter, with the database environment existing on the internal network as opposed to being located within a demilitarized zone. Additional network security devices that detect and alert on malicious database protocol traffic include network intrusion detection systems along with host-based intrusion detection systems. Database security has become more critical as networks have become more open. Databases provide many layers and types of information security, typically specified in the data dictionary, including:

  • Access control
  • Auditing
  • Authentication
  • Encryption
  • Integrity controls
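
As an added example (it is not code from the original article), the following Python script shows the forensic timestamp test described earlier, namely inspecting each row's update timestamp and testing it for validity, and it does so against an audit log, which is the auditing layer just listed. Everything in it is constructed for illustration: the `accounts` and `audit_log` tables, the sample rows, the evidence acquisition time and the matching tolerance are assumptions, not values from a real case. It uses Python's built-in `sqlite3` module so it runs offline. A row is flagged when its `updated_at` precedes its `created_at`, lies after the time the evidence was acquired, or has no audit record near it; the last case is how an unaudited direct write by a privileged account, or a hand-edited timestamp, surfaces when reconstructing what happened.

```python
import sqlite3
from datetime import datetime, timedelta

# Constructed sample evidence (hypothetical, not from any real case): a table whose
# rows carry created_at/updated_at columns, and a separate audit log that the
# application is supposed to write on every UPDATE.
ACCOUNTS = [
    # id, owner, balance, created_at, updated_at
    (1, "alice", 120.0, "2024-03-01T09:00:00", "2024-03-02T10:15:00"),  # consistent row
    (2, "bob",    40.0, "2024-03-01T09:00:00", "2024-02-28T08:00:00"),  # updated before created
    (3, "carol", 900.0, "2024-03-01T09:00:00", "2024-03-10T12:00:00"),  # later than acquisition
    (4, "dave",   15.0, "2024-03-01T09:00:00", "2024-03-03T14:30:00"),  # no audit record
]
AUDIT_LOG = [
    # table_name, row_id, action, db_user, changed_at
    ("accounts", 1, "UPDATE", "app_user", "2024-03-02T10:15:01"),
    ("accounts", 3, "UPDATE", "app_user", "2024-03-10T12:00:00"),
]


def load_evidence(accounts=ACCOUNTS, audit_log=AUDIT_LOG):
    """Load a working copy of the evidence into an in-memory SQLite database.

    Analysis is always run on a copy so the preserved original stays untouched.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance REAL, "
        "created_at TEXT NOT NULL, updated_at TEXT NOT NULL)"
    )
    conn.execute(
        "CREATE TABLE audit_log (table_name TEXT, row_id INTEGER, action TEXT, "
        "db_user TEXT, changed_at TEXT)"
    )
    conn.executemany("INSERT INTO accounts VALUES (?,?,?,?,?)", accounts)
    conn.executemany("INSERT INTO audit_log VALUES (?,?,?,?,?)", audit_log)
    conn.commit()
    return conn


def check_update_timestamps(conn, acquired_at, tolerance=timedelta(seconds=5)):
    """Test each row's updated_at for validity; return {row_id: [reasons]}.

    acquired_at is the ISO timestamp at which the evidence copy was taken; no
    genuine update can be later than that. tolerance is how far the audit
    record's changed_at may drift from updated_at and still count as a match.
    """
    acquired = datetime.fromisoformat(acquired_at)
    findings = {}
    rows = conn.execute(
        "SELECT id, created_at, updated_at FROM accounts ORDER BY id"
    ).fetchall()
    for row_id, created_s, updated_s in rows:
        created = datetime.fromisoformat(created_s)
        updated = datetime.fromisoformat(updated_s)
        reasons = []
        if updated < created:
            reasons.append("updated_at precedes created_at")
        if updated > acquired:
            reasons.append("updated_at is later than the evidence acquisition time")
        # Every legitimate update should leave an audit record close to updated_at.
        audit_times = [
            datetime.fromisoformat(t)
            for (t,) in conn.execute(
                "SELECT changed_at FROM audit_log "
                "WHERE table_name = 'accounts' AND row_id = ? AND action = 'UPDATE'",
                (row_id,),
            )
        ]
        if not any(abs(t - updated) <= tolerance for t in audit_times):
            reasons.append("no audit record within tolerance of updated_at")
        if reasons:
            findings[row_id] = reasons
    return findings


if __name__ == "__main__":
    conn = load_evidence()
    for row_id, reasons in check_update_timestamps(conn, "2024-03-05T00:00:00").items():
        print(f"row {row_id}: {'; '.join(reasons)}")
```

Run against the constructed data with an acquisition time of 2024-03-05, rows 2, 3 and 4 are reported and row 1 passes. The acquisition time and tolerance are deliberately parameters: the acquisition time comes from the evidence collection record, and the tolerance should reflect how the audited application actually stamps rows, since a tolerance that is too loose hides unlogged writes and one that is too tight produces false positives.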

Database security can begin with the process of creating and publishing appropriate security standards for the database environment. The standards may include specific controls for the various relevant database platforms; a set of best practices that cross over the platforms; and linkages of the standards to higher-level policies and governmental regulations.