Assembling the Metadata for a Database Forensic Examination

Beyers, Olivier, and Hancke


Citation information

H. Beyers, M. S. Olivier, and G. P. Hancke. Assembling the metadata for a database forensic examination. In G. Peterson and S. Shenoi, editors, Advances in Digital Forensics VII, pages 89–99. Springer, 2011b


Since information is often a primary target in a computer crime, organizations that store their information in database management systems (DBMSs) must develop a capability to perform database forensics. This paper describes a database forensic method that transforms a DBMS into the required state for a database forensic investigation. The method segments a DBMS into four abstract layers that separate the various levels of DBMS metadata and data. A forensic investigator can then analyze each layer for evidence of malicious activity. Tests performed on a compromised PostgreSQL DBMS demonstrate that the segmentation method provides a means for extracting the compromised DBMS components.

Definitive version

The definitive version of the paper is available from the publisher.
DOI: 10.1007/978-3-642-24212-0_7

BibTeX reference

AUTHOR={Hector Beyers and Martin S Olivier and Gerhard P Hancke},
TITLE={Assembling the Metadata for a Database Forensic Examination},
BOOKTITLE={Advances in Digital Forensics {VII}},
EDITOR={Gilbert Peterson and Sujeet Shenoi},
PAGES={89--99} )

[Publications] [Home]
Page maintained by Martin Olivier
Record refreshed: January 16, 2018

Beta version of new bibliography database; please report errors (or copyright violations) that may have slipped in.