Where do Databases and Digital Forensics meet? A Comprehensive Survey and Taxonomy
Abstract
We present a systematic literature review and propose a taxonomy for research at the intersection of Digital Forensics and Databases. Work combining these two areas has grown with the increasing volume of data and mobile apps on the Web and the consequent rise in cyber attacks. Our review identified 91 relevant papers. The taxonomy categorizes these papers into Cyber-Attacks (subclasses SQLi, Attack Detection, Data Recovery) and Criminal Intelligence (subclasses Forensic Investigation, Research Products, Crime Resolution). Overall, we contribute to a better understanding of the intersection between digital forensics and databases, and open opportunities for future research and development with potential for significant social, economic, and technical-scientific contributions.
Published In
September 2023
51 pages
ISSN:0163-5808
DOI:10.1145/3631504
- Editors:
- Rada Chirkova,
- Vanessa Braganholo,
- Wim Martens,
- Manos Athanassoulis,
- Marcelo Arenas,
- Marianne Winslett,
- Susan B. Davidson,
- Lyublena Antova,
- Aaron J. Elmore,
- Kyriakos Mouratidis,
- Dan Olteanu,
- Immanuel Trummer,
- Yannis Velegrakis,
- Renata Borovica-Gajic,
- Tamer Özsu,
- Pınar Tözün,
- Wook-Shin Han,
- Kenneth Ross,
- Alfons Kemper,
- Samuel Madden
Copyright © 2023 Copyright is held by the owner/author(s).
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 02 November 2023
Published in SIGMOD Volume 52, Issue 3
Qualifiers
- Article