Browse > Article
http://dx.doi.org/10.3745/KTSDE.2020.9.4.123

Detecting Methods of the Database Block Size for Digital Forensics  

Kim, Sunkyung (한국방송통신대학교 정보과학과)
Park, Ji Su (전주대학교 컴퓨터공학과)
Shon, Jin Gon (한국방송통신대학교 컴퓨터과학과)
Publication Information
KIPS Transactions on Software and Data Engineering / v.9, no.4, 2020 , pp. 123-128 More about this Journal
Abstract
As the use of digital devices is becoming more commonplace, digital forensics techniques recover data to collect physical evidence during the investigation. Among them, the file forensics technique recovers deleted files, therefore, it can recover the database by recovering all files which compose the database itself. However, if the record is deleted from the database, the modified record contents will not be restored even if the file is recovered. For this reason, the database forensics technique is required to recover deleted records. Database forensics obtains metadata from database configuration files and recovers deleted records from data files. However, record recovery is difficult if database metadata such as block size cannot be obtained from the database. In this paper, we propose three methods for obtaining block size, which is database metadata. The first method uses the maximum size of free space in the block, and the second method uses the location where the block appears. The third method improves the second method to find the block size faster. The experimental results show that three methods can correctly find the block size of three DBMSes.
Keywords
Digital Forensics; Database Forensics; Metadata; Block Size;
Citations & Related Records
Times Cited By KSCI : 5  (Citation Analysis)
연도 인용수 순위
1 Min Chen, Shiwen Mao, and Yunhao Liu, "Big Data: A Survey," Mobile Networks and Applications, Vol.19, No.2, pp.171-209, 2014.   DOI
2 Supreme Proscutors' Office ROK, Scientific Investigation-Digital Investigation Support [Internet], https://www.spo.go.kr/site/spo/02/10206040000002018100812.jsp. [Accessed Oct. 24, 2018.
3 James Wagner, Alexander Rasin, and Jonathan Grier, "Database Forensic Analysis Through Internal Structure Carving," Digital Investigation, Vol.14, pp.106-115, 2015.
4 R. Chopade and V. K. Pachghare, "Ten Years of Critical Review on Database Forensics Research," Digital Investigation, Vol.29, pp.180-197, 2019.   DOI
5 M. A. M. Guimaraes, R. Austin, and H. Said, "Database Forensics," in Information Security Curriculum Development Conference, pp.62-65, 2010.
6 James Wanger, Alexander Rasin, Karen Hear, Rebecca Jacob, and Jonathan Grier, "DB3F & DB-Toolkit: The Database Forensic File Format and the Database Forensic Toolkit," Digital Investigation, Vol.29, pp.42-50, 2019.
7 Jong-Hyun Choi, DooWoo Jeong, and Sangjin Lee, "The method of recovery for deleted record in Oracle Database," Journal of The Korea Institue of Information Security & Cryptology, Vol.23, No.5, pp.947-955, 2013.   DOI
8 Jeewon Jang, Doowon Jeoung, and Sang Jin Lee, "The Recovery Method for MySQL InnoDB Using Feature of IBD Structure," KIPS Tr. Comp. and Comm. Sys. Vol.6, No.2, pp.59-66, 2017.   DOI
9 Jung Sung Kyun, Jee Won Jan, Doo Won Jeong, and Sang Jin Lee, "A Study on the Improvement Method of Delete Record Recovery in MySQL InnoDB," KIPS Tr. Comp. and Comm. Sys., Vol.6, No.12, pp.487-496, 2017.   DOI
10 A. Silberschatz, H. F. Korth, and S. Sudarshan, "Database System Concepts 6th Edition," New York: McGraw-Hill Education, pp.456-457, Jan. 2010.
11 Jiho Shin, "Comparison of Remaining Data According to Deletion Events on Microsoft SQL Server," Journal of The KIIS&C, Vol.27, No.2, pp.223-232, 2017.