Digital Forensics Investigation of Redis Database

A Study on Digital Forensic Investigation Techniques for the Redis Database

  • Received : 2016.03.10
  • Accepted : 2016.05.17
  • Published : 2016.05.31

Abstract

Recently, the growing use of Big Data and social network services has increased demand for NoSQL databases, which overcome the limitations of existing relational databases. In digital forensics, the forensic examination of relational databases has been researched steadily. In contrast, the forensic examination of NoSQL databases has rarely been studied. In this paper, we introduce Redis, a NoSQL database based on a key-value store, research the collection and analysis of its forensic artifacts, and propose a recovery method for deleted data. We also developed a recovery tool to verify our recovery algorithm.

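With the growing use of big data and social network services, demand for NoSQL databases, which overcome the limitations of existing relational databases, has been rising steadily. From a digital forensics perspective, investigation techniques for relational databases have been studied continuously, but there has been almost no research on digital forensic investigation techniques for NoSQL databases. This paper introduces Redis, an in-memory key-value store NoSQL database, and proposes techniques for collecting and analyzing the artifacts that should be examined from a digital forensics perspective and for recovering deleted data. The proposed data recovery technique is also implemented as a tool to verify it.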
