Summary The increasing use of databases in the storage of critical and sensitive information in many organizations has lead to an increase in the rate at which databases are the target of computer crimes. While there are some techniques and tools available for database forensics, they typically assume apriori preparation (e.g., detailed logging) and rely on built-in database features working properly (e.g., no hacking). Investigators, alternatively, need forensic techniques that make no such assumptions and tools that can be applied to a damaged or an already-compromised database system. In this talk we present DBCarver, a tool for reconstructing database content from database storage (disk, RAM, etc.) without relying on any metadata from the database, or needing metadata from the OS/file system. The tool uses database page carving to reconstruct both query-able data and non-query-able data (deleted and auxiliary data). We describe how the two kinds of data can be combined to enable a variety of forensic analysis questions hitherto unavailable to forensic investigators, including finding evidence of database tampering. We conclude with a brief demo of DBCarver.
Directed : Unknown
Written : Unknown
Stars : Michael Goetzman Demetrius Comes Ed Abrams Richard Thieme
Genres : Documentary
Release date : Jul 23, 2022
Countries of origin : United States
Official sites : Official website
Language : English
Production companies : 249 Studios
Summary The increasing use of databases in the storage of critical and sensitive information in many organizations has lead to an increase in the rate at which databases are the target of computer crimes. While there are some techniques and tools available for database forensics, they typically assume apriori preparation (e.g., detailed logging) and rely on built-in database features working properly (e.g., no hacking). Investigators, alternatively, need forensic techniques that make no such assumptions and tools that can be applied to a damaged or an already-compromised database system. In this talk we present DBCarver, a tool for reconstructing database content from database storage (disk, RAM, etc.) without relying on any metadata from the database, or needing metadata from the OS/file system. The tool uses database page carving to reconstruct both query-able data and non-query-able data (deleted and auxiliary data). We describe how the two kinds of data can be combined to enable a variety of forensic analysis questions hitherto unavailable to forensic investigators, including finding evidence of database tampering. We conclude with a brief demo of DBCarver.
Genres : Documentary
Release date : Jul 23, 2022
Countries of origin : United States
Official sites : Official website
Language : English
Production companies : 249 Studios
