Forensic Deconstruction of Databases through Direct Storage Carving - Dr. Alexander Rasin Cyphercon 2.0 (Hacking Illustrated Series InfoSec Tutorial Videos)

Forensic Deconstruction of Databases through Direct Storage Carving
Dr. Alexander Rasin

Cyphercon 2.0

The increasing use of databases in the storage of critical and sensitive information in many organizations has led to an increase in the rate at which databases are the target of computer crimes. While there are some techniques and tools available for database forensics, they typically assume a priori preparation (e.g., detailed logging) and rely on built-in database features working properly (e.g., no hacking). Investigators, alternatively, need forensic techniques that make no such assumptions and tools that can be applied to a damaged or an already-compromised database system. In this talk we present DBCarver, a tool for reconstructing database content from database storage (disk, RAM, etc.) without relying on any metadata from the database, or needing metadata from the OS/file system. The tool uses database page carving to reconstruct both query-able data and non-query-able data (deleted and auxiliary data). We describe how the two kinds of data can be combined to enable a variety of forensic analysis questions hitherto unavailable to forensic investigators, including finding evidence of database tampering. We conclude with a brief demo of DBCarver.

Dr. Alexander Rasin is an Assistant Professor in the College of Computing and Digital Media (CDM) at DePaul University. He received his Ph.D. and M.Sc. in Computer Science from Brown University, Providence. He is a co-Director of Data Systems and Optimization Lab at CDM and his primary research interest is in database forensics and cybersecurity applications of forensic analysis. Dr. Rasin's other research projects focus on building and tuning performance of domain-specific data management systems, currently in the areas of computer-aided diagnosis and software analytics. Several of his research projects are supported by NSF.


Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast