| Today internet is more and more popular, it also participates in people’s work andlife, a huge number of personal information are memorized and transformed by internetas carrier, mean while, things like hacker attacks and database leaks happen veryfrequently, cybercrime is also rises. The technology of hacker attacks are improvedbecause of security and defense measures reinforcement; this causes network securityissues increasingly prominent. In the research of network security issues, many securityproducts appear such as firewall, intrusion detection devices, etc. which are mostlypassive with less effect of combating cybercrime, so the research of computer forensicsis particularly important. Computer forensics gets illegal attacks of hackers thencompletely reconstruction the process of attack make it to be the valid evidenceapprobated by the court, so we can attack cybercrime accurately and effectively, broughtnetwork offender to justice, this is the effective way of resolving network securityproblems.Computer forensics is the process of identifying, collecting, protecting, analyzing,archiving evidence which reliable enough, persuasive and accepted by the court.Conventional computer forensics only focus on static data of file system and dynamicdata of computer memory, only get some clear evidences of the existence such as eroticphoto, documentation associated with the crime, Trojan installed in a computer systemand back door, etc. exist in suspects computer, but neglect the collecting and analyzingof evidence of crime exist in the database. This is a age of information explosion, moreand more data are managed and saved by database system, which contains lots ofcrucial, sensitive importations such as names, ID card number, bank account, key words,transfer transaction, etc. so criminal behavior against database become to be the maindirection of hacker crime. People lost a lot in database leaking and being tampered, sopeople are looking forward the result of methods and technologies of database obtainingevidence and testing, which will provide much more clues and evidence for theinvestigation of cases.This paper use the database system “Microsoft SQL Server” as the research object,analyzes physical storage structure of database files and transaction logs. Standing at theposition of database administrator, this paper takes a simulation database attacks as anexample, analyzes the digital traces leaves in the database during the process of database attacks of Microsoft SQL Server, investigates the ways that digital evidenceextraction and test of Microsoft SQL Server2005.The writer wish to break the ice, pushon the research of database forensics. |
PDF Full Text Request