A Forensic Examination of Database Slack

Joseph Balazs, Purdue University

Abstract

This research includes an examination and analysis of the phenomenon of database slack. Database forensics is an underexplored subfield of Digital Forensics, and the lack of research is becoming more important with every breach and theft of data. A small amount of research exists in the literature regarding database slack. This exploratory work examined what partial records of forensic significance can be found in database slack. A series of experiments performed update and delete transactions upon data in a PostgreSQL database, which created database slack. Patterns of hexadecimal indicators for database slack in the file system were found and analyzed. Despite limitations in the experiments, the results indicated that partial records of forensic significance are found in database slack. Significantly, partial records found in database slack may aid a forensic investigation of a database breach. The details of the hexadecimal patterns of the database slack fill in gaps in the literature, the impact of log findings on an investigation was shown, and complexity aspects back up existing parts of database forensics research. This research helped to lessen the dearth of work in the area of database forensics as well as database slack.

Degree

M.Sc.

Advisors

Rogers, Purdue University.

Subject Area

Computer science; Criminology
