Database auditing and forensics: Exploration and evaluation

© 2015 IEEE. Database auditing is a prerequisite in the process of database forensics. Log files of different types and purposes are used in correlating evidence related to forensic investigation. In this paper, a new framework is proposed to explore and implement auditing features and DBMS-specific built-in utilities to aid in carrying out database forensics. The new framework is implemented in three phases, where ideal forensic auditing settings are suggested, techniques and approaches to conduct forensics are evaluated, and finally database forensic tools are investigated and evaluated. The research findings serve as guidelines toward focusing on database forensics. There is a crucial need to fill in the gap where forensic tools are few and not database specific

Analysis of cloud computing attacks and countermeasures

© 2016 Global IT Research Institute (GiRI). Business enterprises are competing to get their applications up and running faster with improved manageability and less maintenance by reassigning the ability to IT specialists to adjust resources in order to meet business fluctuating needs. This can be achieved through utilizing the Cloud Computing Model which is distinguished by \u27pay as you go\u27 model. The model offers solutions of storage, convenient and on-demand access to a shared pool of configurable computing resources. As with any novel technology, Cloud Computing is subject to security threats and vulnerabilities including network threats, information threats and underlying infrastructure threats. In this paper, we present a framework by which penetration testing is conducted to highlight possible vulnerabilities within our private Cloud Computing infrastructure, simulate attacks to exploit discovered vulnerabilities such as Denial of Service (DoS) and Man-in-the-Cloud attacks, apply countermeasures to prevent such attacks, and then to exemplify a recommended best practice protection mechanism which will contribute to the Cloud Computing security