Research And Implementation Of SQL Server Database Forensics And Analyses System

Nowadays,as information technology is changing rapidly,data is becoming the lifeblood of the Internet industry.With the promotion and wide use of Internet applications,the confidentiality and integrity of mass data is becoming increasingly difficult to be guaranteed.So the number of the crimes involved in digital data increases day by day.Unfortunately,the current judicial forensic system is not perfect for the new data crime.In order to improve the insufficiency of database forensic system,this paper proposes a complete set of general database forensic process,designs and implements a practical system of SQL Server database forensics.Meanwhile,on the basis of the existing work,the key technology of the transaction log analyses is put forward.In this paper,the specific research work is:Firstly,this paper puts forward a complete set of practical and feasible general database forensic process,including:forensic data preservation,log analysis,forensic data change authentication and data recovery,and explain the process operation and key technical problems.Secondly,this paper designs and implements a practical system of SQL Server database forensics,including determining forensic data source,forensic data files backup,principle and structure analysis of various logs,and data recovery,which is based on SQL Server database(2008 later version).Thirdly,this paper gives a detailed principle and structure analysis of the transaction log in the SQL Server.Based on the analyses of binary stream data,this paper proposes an algorithm of the transaction log analysis.Meanwhile,the operation log and data log are analyzed in detail.Especially,this paper puts forward an algorithm of row data analysis,analyzes the format of the INSERT and DELETE logs and gives some examples.Fourthly,this paper analyzes the principle and structure of the MODIFY transaction logs in detail and proposes an algorithm of MODIFY log analysis.Moreover,a MODIFY transaction log recursion analysis algorithm is proposed to avoid endless loop when it is impossible to find original data in MODIFY log analysis.Fifthly,by using C++language and calling the SQL Server database interface,this paper implements a database forensic system,including transaction log extraction and analysis.The corresponding experimental tests are made and statistics are given and analyzed at last.