Special Issue Paper
The effective method of database server forensics on the enterprise environment
Article first published online: 7 MAR 2012
Copyright © 2012 John Wiley & Sons, Ltd.
Security and Communication Networks
Special Issue: Next Generation Communication and Network Security
Volume 5, Issue 10, pages 1086–1093, October 2012
How to Cite
Son, N., Lee, K., Jeon, S., Lee, S. and Lee, C. (2012), The effective method of database server forensics on the enterprise environment. Security Comm. Networks, 5: 1086–1093. doi: 10.1002/sec.510
- Issue published online: 26 SEP 2012
- Manuscript Accepted: 17 DEC 2011
- Manuscript Received: 30 AUG 2011
- database server
- network topology
When a forensic investigation is carried out in an enterprise environment, most of the important data are stored in database servers, and these data are very important elements of the investigation. There are more than 10 kinds of database servers holding such data, such as SQL Server and Oracle. Every method of investigating a database system is important, but this study suggests a single methodology that is likely to be applicable to all database systems while taking the unique characteristics of each into account. A method of detecting a server, then acquiring and investigating the data on it, can be used effectively for such an investigation in the enterprise environment. In existing investigations of server systems, servers have to be shut down and disc imaging conducted first. However, such a method may inflict great losses on the company in some cases. A method of acquiring data from a server while it is online is therefore needed, and this study discusses such a method. In addition, on the basis of this methodology, the study attempts to determine whether the new forensic investigation method can be used in practice by applying it directly to SQL Server and MySQL databases.