Forensic Investigation in SQL Server Database Using Temporal Tables & Extended Events Artifacts

Shadi Khaled A. Zakarneh(1*)

(1) Palestine Technical University - Kadoorie
(*) Corresponding Author

Abstract


Different database management systems (DBMS) have been developed and introduced to store and manipulate data. Microsoft SQL (MSSQL) Server is one of the most popular relational DBMS used for large databases. With the increasing use of databases, intentional and unintentional incidents affecting databases are increasing dramatically. Therefore, there is a great need to develop database forensic investigation (DBFI) tools and models. The temporal table is a new feature introduced with MSSQL Server 2012 for tracking changes, database auditing, data loss protection, and data recovery. In addition, extended events are another new feature, introduced with MSSQL Server 2008 for database performance troubleshooting. This study focuses on DBFI in MSSQL Server using temporal table and extended events artifacts. An experiment was conducted, and the results present the use of temporal table and extended events artifacts in analyzing and determining internal unauthorized modification of the database.

DOI: https://doi.org/10.24071/ijasst.v5i1.4611

Publisher : Faculty of Science and Technology

Society/Institution : Sanata Dharma University

This work is licensed under a Creative Commons Attribution 4.0 International License.