Visible to the public Structural Limitations of B+-Tree Forensics

TitleStructural Limitations of B+-Tree Forensics
Publication TypeConference Paper
Year of Publication2018
AuthorsKieseberg, Peter, Schrittwieser, Sebastian, Weippl, Edgar
Conference NameProceedings of the Central European Cybersecurity Conference 2018
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-6515-4
Keywordsdatabase forensics, Databases, digital forensics, Human Behavior, information forensics, Metrics, pubcrawl, resilience, Scalability
AbstractDespite the importance of databases in virtually all data driven applications, database forensics is still not the thriving topic it ought to be. Many database management systems (DBMSs) structure the data in the form of trees, most notably B+-Trees. Since the tree structure is depending on the characteristics of the INSERT-order, it can be used in order to generate information on later manipulations, as was shown in a previously published approach. In this work we analyse this approach and investigate, whether it is possible to generalize it to detect DELETE-operations within general INSERT-only trees. We subsequently prove that almost all forms of B+-Trees can be constructed solely by using INSERT-operations, i.e. that this approach cannot be used to prove the existence of DELETE-operations in the past.
Citation Keykieseberg_structural_2018