Data Tamper Detection from NoSQL Database in Forensic Environment
DOI:
https://doi.org/10.13052/jcsm2245-1439.1025
Keywords:
Database, database forensics, MongoDB, Cassandra, NoSQL, tamper detection
Abstract
The growth of the service sector is increasing the use of digital applications worldwide. These applications rely on databases to store sensitive and secret information. Because databases are distributed over the internet, attackers may tamper with them to get at this sensitive and confidential information, which makes maintaining database integrity a major challenge. Tampering changes the database state through a data manipulation operation such as insert, update or delete. Tamper detection techniques detect such changes and play an important role in the database forensic investigation process. Big data requirements have driven the adoption of NoSQL databases. Previous research has been limited to tamper detection in relational databases, and very little work exists for NoSQL databases, so a mechanism is needed to detect tampering in NoSQL database systems. This article proposes an approach to tamper detection in NoSQL databases such as MongoDB and Cassandra, which are widely used document-oriented and column-based NoSQL databases respectively. The proposed tamper detection technique works in a forensic environment to give more relevant results on data tampering and to distinguish between suspicious and genuine tampering.