Hauger W.K., Olivier M.S.
The impact of triggers on forensic acquisition and analysis of databases
SAIEE Africa Research Journal
Department of Computer Science, Corner of University Road and Lynnwood Road, University of Pretoria, Pretoria, South Africa; Department of Computer Science, University of Pretoria, Corner of University Road and Lynnwood Road, Pretoria, South Africa
Hauger, W.K., Department of Computer Science, Corner of University Road and Lynnwood Road, University of Pretoria, Pretoria, South Africa; Olivier, M.S., Department of Computer Science, University of Pretoria, Corner of University Road and Lynnwood Road, Pretoria, South Africa
An aspect of database forensics that has not yet received much attention in the academic research community is the presence of database triggers. Database triggers and their implementations have not yet been thoroughly analysed to establish what possible impact they could have on digital forensic analysis methods and processes. This paper first attempts to establish whether triggers could be used as an anti-forensic mechanism in databases to potentially disrupt or even thwart forensic investigations. Secondly, it explores whether triggers could be used to manipulate ordinary database actions for nefarious purposes and at the same time implicate innocent parties. The database triggers as defined in the SQL standard were studied together with a number of database trigger implementations. This was done in order to establish what aspects of a trigger might have an impact on digital forensic analysis. It is demonstrated in this paper that certain database forensic acquisition and analysis methods are impacted by the possible presence of non-data triggers. This is specific to databases that provide non-data trigger implementations. Furthermore, it finds that the forensic interpretation and attribution processes should be extended to include the handling and analysis of all database triggers. This is necessary to enable a more accurate attribution of actions in all databases that provide any form of trigger implementation. © 2014 IEEE.
Database forensics; Database triggers; Digital forensic analysis; Methods; Processes
Computer crime; Electronic crime countermeasures; Processing; Academic research; Analysis method; Anti-Forensics; Database triggers; Digital forensic analysis; Forensic acquisition; Forensic investigation; Methods; Database systems