Netinfo Security, 2016, Vol. 16, Issue (9): 26-30. doi: 10.3969/j.issn.1671-1122.2016.09.005

Research on Online Forensic of MS SQL Database

Haoyang LIU

  1. Dalian Public Security Bureau, Dalian, Liaoning 116011, China
  • Received: 2016-07-25 Online: 2016-09-20 Published: 2020-05-13
  • About the author: Haoyang LIU (born 1978), male, from Liaoning, master's degree. His main research interests are electronic data forensics and cybercrime investigation.

Abstract:

Databases are an indispensable part of information systems. With the arrival of the big-data era, databases have become a target for criminals, and large numbers of databases are dumped ("dragged") for use in online theft, online fraud and similar activities. Databases keep comprehensive logs, so the database at a crime scene holds a large amount of evidence that can be used to trace back the course of the crime, preserve evidence and identify the intruder. Traditional database forensics is generally static forensics performed after shutdown; because a database is constantly running, shutdown analysis destroys a large amount of evidence and has no practical significance. Operating on a live database is complex and its data is continually updated, which has long made database forensics a difficult area of electronic data forensics. In addition, each database has its own operating characteristics, so examiners without knowledge of the database in question find it hard to collect evidence completely and effectively. Taking the most widely used database, Microsoft SQL, as an example, this paper studies database forensics in depth and sets out the principles and related techniques of online database forensics, aiming to find a standard method for online database forensics.

Key words: database forensics, online forensics, electronic data forensics, MS SQL
