CDBFIP: Common Database Forensic Investigation Processes for Internet of Things

Arafat Al-Dhaqm; Shukor Razak; Siti Hajar Othman; Kim-Kwang Raymond Choo; William Bradley Glisson; Abdulalem Ali; Mohammad Abrar

doi:10.1109/ACCESS.2017.2762693

IEEE Access (Jan 2017)

CDBFIP: Common Database Forensic Investigation Processes for Internet of Things

Arafat Al-Dhaqm,
Shukor Razak,
Siti Hajar Othman,
Kim-Kwang Raymond Choo,
William Bradley Glisson,
Abdulalem Ali,
Mohammad Abrar

Affiliations

Arafat Al-Dhaqm: Department of Computer Science, Faculty of Computing, Universiti Teknologi Malaysia, Johor, Malaysia
Shukor Razak: Department of Computer Science, Faculty of Computing, Universiti Teknologi Malaysia, Johor, Malaysia
Siti Hajar Othman: Department of Computer Science, Faculty of Computing, Universiti Teknologi Malaysia, Johor, Malaysia
Kim-Kwang Raymond Choo: ORCiD; Department of Information Systems and Cyber Security, The University of Texas at San Antonio, San Antonio, TX, USA
William Bradley Glisson: School of Computing, University of South Alabama, Mobile, AL, USA
Abdulalem Ali: Department of Computer Science, Faculty of Computing, Universiti Teknologi Malaysia, Johor, Malaysia
Mohammad Abrar: Department of Computer Science, Faculty of Computing, Universiti Teknologi Malaysia, Johor, Malaysia

DOI: https://doi.org/10.1109/ACCESS.2017.2762693
Journal volume & issue: Vol. 5
pp. 24401 – 24416

Abstract

Read online

Database forensics is a domain that uses database content and metadata to reveal malicious activities on database systems in an Internet of Things environment. Although the concept of database forensics has been around for a while, the investigation of cybercrime activities and cyber breaches in an Internet of Things environment would benefit from the development of a common investigative standard that unifies the knowledge in the domain. Therefore, this paper proposes common database forensic investigation processes using a design science research approach. The proposed process comprises four phases, namely: 1) identification; 2) artefact collection; 3) artefact analysis; and 4) the documentation and presentation process. It allows the reconciliation of the concepts and terminologies of all common database forensic investigation processes; hence, it facilitates the sharing of knowledge on database forensic investigation among domain newcomers, users, and practitioners.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords