Data Tamper Detection from NoSQL Database in Forensic Environment

Keywords: Database, database forensics, MongoDB, cassandra, NoSQL, tamper detection


The growth of service sector is increasing the usage of digital applications worldwide. These digital applications are making use of database to store the sensitive and secret information. As the database has distributed over the internet, cybercrime attackers may tamper the database to attack on such sensitive and confidential information. In such scenario, maintaining the integrity of database is a big challenge. Database tampering will change the database state by any data manipulation operation like insert, update or delete. Tamper detection techniques are useful for the detection of such data tampering which play an important role in database forensic investigation process. Use of NoSQL database has been attracted by big data requirements. Previous research work has limited to tamper detection in relational database and very less work has been found in NoSQL database. So there is a need to propose a mechanism to detect the tampering of NoSQL database systems. Whereas this article proposes an idea of tamper detection in NoSQL database such as MongoDB and Cassandra, which are widely used document-oriented and column-based NoSQL database respectively. This research work has proposed tamper detection technique which works in forensic environment to give more relevant outcome on data tampering and distinguish between suspicious and genuine tampering.  


Download data is not yet available.

Author Biographies

Rupali Chopade, Department of Computer Engineering and IT, College of Engineering Pune, Savitribai Phule Pune University, India

Rupali Chopade is a full time Research Scholar under AICTE-QIP scheme, at Department of Computer Engineering and IT, College of Engineering Pune, India. She is working as Assistant Professor at Department of Information Technology, Marathwada Mitra Mandal’s College of Engineering Pune, India. She has 17 years of teaching experience. Her research interest includes database forensics and database security. She has received “Distinguished HOD “Award by Computer Society of India (CSI) in 2017.

Vinod Pachghare, Department of Computer Engineering and IT, College of Engineering Pune, Savitribai Phule Pune University, India

Vinod Pachghare is Associate Professor in the Department of Computer Engineering and Information Technology, College of Engineering, Pune (An autonomous institute of Government of Maharashtra), India. He has 29 years of teaching experience and has published the books on Cloud Computing and Computer Graphics. Dr. Pachghare has over 37 research publications in various international journals and conferences. His area of research is network security. Also he is a member of Board of studies in Computer Engineering / Information Technology of a number of Autonomous Institutes. He is an Investigator for the Information Security Education and Awareness [ISEA] Project, Ministry of Information Technology, Govt. of India. He was a Principal Investigator for a research project “Wireless IDS”, sponsored by AICTE, New Delhi. He delivered lectures on recent and state of the art topics in Computer Engineering and Information Technology as an invited speaker. He has received “Best Faculty Award” 2018 by CSI, Mumbai Chapter.


Guo J. 2011. Fragile watermarking scheme for tamper detection of relational database. In: 2011 Int. Conf. Comput. Manag. pp 1–4.

Pavlou KE, Snodgrass RT. 2008. Forensic analysis of database tampering. ACM Trans Database Syst 33(4):30.

Chopade R, Pachghare VK. 2019. Ten years of critical review on database forensics research. Digit. Investig. .

Cankaya EC, Kupka B. 2016. A survey of digital forensics tools for database extraction. In: Futur. Technol. Conf. pp 1014–1019.

DB-Engines Ranking - popularity ranking of database management systems. Available from:

Xu M, Xu X, Xu J, Ren Y, Zhang H, Zheng N. 2014. A forensic analysis method for Redis database based on RDB and AOF file. J Comput 9(11):2538–2544.

What Is Amazon DynamoDB? - Amazon DynamoDB. Available from:

Neo4j - Overview - Tutorialspoint. Available from:

Apache HBase – Apache HBaseTM Home. Available from:

Kataria C, Kanwal G. 2015. Database tamper detection. Int. J. 5:.

Kumbhare R, Nimbalkar S, Chopade R, Pachghare VK. 2020. Tamper Detection in MongoDB and CouchDB Database. In: Proceeding Int. Conf. Comput. Sci. Appl. pp 109–117.

Golhar A, Janvir S, Chopade R, Pachghare VK. 2020. Tamper Detection in Cassandra and Redis Database—A Comparative. In: Proceeding Int. Conf. Comput. Sci. Appl. ICCSA 2019. p 99.

The MongoDB 4.2 Manual — MongoDB Manual. Available from:

Mango DB. Top 5 considerations when evaluating NoSQL Databases. White Pap. .

Yoon J, Lee S. 2018. A method and tool to recover data deleted from a MongoDB. Digit Investig 24:106–120.

Yoon J, Jeong D, Kang C, Lee S. 2016. Forensic investigation framework for the document store NoSQL DBMS: MongoDB as a case study. Digit Investig 17:53–65.

What is Cassandra? | Datastax. Available from:

How is data written? | Apache Cassandra 3.0. Available from:

Okman L, Gal-Oz N, Gonen Y, Gudes E, Abramov J. 2011. Security issues in nosql databases. In: 2011IEEE 10th Int. Conf. Trust. Secur. Priv. Comput. Commun. pp 541–547.

Aggarwal P, Rani R. 2014. Security issues and user authentication in MongoDB. .

South Korean intelligence employee found dead - CNN. Available from:

Other 26,000 MongoDB servers hit in a new wave of ransom attacksSecurity Affairs. Available from:

Almost 4,000 databases wiped in ‘Meow’ attacks | WeLiveSecurity. Available from:

Wagner J, Rasin A, Glavic B, Heart K, Furst J, Bressan L, Grier J. 2017. Carving database storage to detect and trace security breaches. Digit Investig 22:S127--S136.

The Sarbanes-Oxley Act 2002. Available from:

Summary of the HIPAA Privacy Rule | Available from:

Tripathi S, Meshram BB. 2012. Digital evidence for database tamper detection. J Inf Secur 3(02):113.

Rajguru S, Sharma D. 2014. Database Tamper Detection and Analysis. Int. J. Comput. Appl. 105:.

Kataria C, Kanwal G. 2015. To detect who and when tamper data in database. Int J Eng Res Technol 4(06):181–2278.

Snodgrass RT, Yao SS, Collberg C. 2004. Tamper detection in audit logs. In: Proc. Thirtieth Int. Conf. Very large data bases-Volume 30. pp 504–515.

Khanuja HK, Adane DS. 2011. Database security threats and challenges in database forensic: A survey. Proc. 2011 Int. Conf. Adv. Inf. Technol. (AIT 2011), available http//www. ipcsit. com/vol20/33-ICAIT2011-A4072. pdf .

Azemović J, Mušić D. 2009. Efficient model for detection data and data scheme tempering with purpose of valid forensic analysis. 2009 Int. Conf. Comput. Eng. Appl. (ICCEA 2009) .

Kambire MK, Gaikwad PH, Gadilkar SY, Funde YA. 2015. An improved framework for tamper detection in databases. Int J Comput Sci Inf Technol 6:57–60.

Camino RD, State R, Montero L, Valtchev P. 2017. Finding Suspicious Activities in Financial Transactions and Distributed Ledgers. In: 2017 IEEE Int. Conf. Data Min. Work. pp 787–796.

Khanuja HK, Adane D. 2018. Detection of Suspicious Transactions with Database Forensics and Theory of Evidence. In: Int. Symp. Secur. Comput. Commun. pp 419–430.

Ericsson/ecaudit: Ericsson Audit plug-in for Apache Cassandra. Available from:

MongoDB: Understanding Oplog : Available from:

Han J, Pei J, Kamber M. 2011. Data mining: concepts and techniques. Elsevier.

The seven types of e-commerce fraud explained - Information Age. Available from:

3 Methods to Preserve Digital Evidence for Computer Forensics | CI Security. Available from:

GitHub - ozlerhakan/mongodb-json-files: A curated list of JSON / BSON datasets from the web in order to practice / use in MongoDB. Available from:

Scaling for the Future of Finance With Coinbase | MongoDB. Available from:

Shanthi E, others. A MongoDB based Performance Optimization Framework for Big Data in Cloud Environments.

Cassandra deployment architectures. Available from:

Emerging Trends in Cyber Security and Cryptography