Forensic Analysis of Databases by Combining Multiple Evidences

The information security for securing enterprise databases from internal and external attacks and violations of mutual policy is an interminable struggle. With the growing number of attacks and frauds, the organizations are finding it difficult to meet various regulatory compliance requirements such as SOX, HIPAA, and state privacy laws. The aim here is to develop a methodology which monitors the database transactions on continuous basis and to make a decision whether the database transactions are legitimate or suspicious by combining multiple evidences gathered. The suspicious transactions can then be used for forensic analysis to reconstruct the illegal activity carried out in an organization. This can be achieved by incorporating information accountability in Database Management System. Information accountability means, the information usage should be transparent so that it is possible to determine whether a use is appropriate under a given set of rules. We focus on effective information accountability of data stored in high-performance databases through database forensics which collects and analyses database transactions collected through various sources and artifacts like data cache, log files, error logs etc. having volatile or non-volatile characteristics within high performance databases. The information and multiple evidences collected are then analyzed using an Extended Dempster-Shafer theory(EDST). It ?combines multiple such evidences and an initial belief is computed for suspected transactions which can be further used for reconstructing the activity in database forensics process.