Abstract:

Databases are indispensable parts of the information system. With the arrival of the era of big data, the database has become a target of criminals, and a large number of data are "dragged" for cyber theft and cyber fraud and other activities. The database has perfect log, so the database of crime scene contains a lot of evidences which can be used to derive back criminal process, confirm evidences and determine the invaders. Traditional database forensic is generally static forensic. Because the database is in a state of operation, a lot of evidences will be lost by the shutdown analysis, which has no practical significance. Because of the high complexity and constantly updating, the database forensic is always a difficult point of electronic data forensic. Because the operating mechanism of the database is special, it is difficult to carry out the evidences collection completely and effectively without the relevant database knowledge. Taking the most widely used Microsoft SQL database as an example, this paper conducts deep research on the database forensic, expounds the principle of online database forensic and related technologies, in order to find out the standard method to conduct online database forensic.

Key words: database forensic, online forensic, electronic data forensic, MS SQL