
    Simplified database forensic investigation using metamodeling approach

    Database Forensic Investigation (DBFI) is a significant domain used to identify, collect, preserve, reconstruct, analyze and document database incidents. However, it is a heterogeneous, complex and ambiguous domain owing to the variety and multidimensional nature of database systems. Numerous specific DBFI models and frameworks have been proposed to solve specific database scenarios, but there is a lack of structured and unified frameworks to facilitate the managing, sharing and reusing of DBFI tasks and activities. Thus, this research developed a DBFI Metamodel (DBFIM) to structure and organize the DBFI domain. A Design Science Research Methodology (DSRM) was applied in this study to provide a logical, testable and communicable metamodel. Its steps were problem identification, definition of objectives, design and development, demonstration and evaluation, and communication. The outcome of this study is a DBFIM developed for structuring and organizing DBFI domain knowledge, which facilitates the managing, sharing and reusing of that knowledge among domain practitioners. DBFIM identifies, recognizes, extracts and matches different DBFI processes, concepts, activities and tasks from different DBFI models into a developed metamodel, thus allowing domain practitioners to derive/instantiate solution models easily. The DBFIM was validated using qualitative techniques: comparison against other models, face validity (domain experts) and a case study. Comparison against other models and face validity were applied to ensure the completeness, logicalness and usefulness of DBFIM against other DBFI domain models. Following this, two case studies were selected and implemented to demonstrate the applicability and effectiveness of the DBFIM in the DBFI domain using a DBFIM Prototype (DBFIMP). The results showed that DBFIMP allowed domain practitioners to create their solution models easily based on their requirements.

    A generic database forensic investigation process model

    Database forensic investigation is a domain which deals with database contents and their metadata to reveal malicious activities on database systems. Even though it is still new, the overwhelming challenges and issues in the domain have made database forensics a fast-growing and much sought-after research area. Based on our observations, we found that database forensics lacks a common standard which could unify knowledge of the domain. Therefore, through this paper, we present the use of Design Science Research (DSR) as a research methodology to develop a Generic Database Forensic Investigation Process Model (DBFIPM). From the creation of DBFIPM, five common forensic investigation processes have been proposed, namely the i) identification, ii) collection, iii) preservation, iv) analysis and v) presentation processes. The DBFIPM allows the reconciliation of the concepts and terminologies of all common database forensic investigation processes. Thus, it will potentially facilitate the sharing of knowledge on database forensic investigation among domain stakeholders.

    A Comprehensive Collection and Analysis Model for the Drone Forensics Field

    Unmanned aerial vehicles (UAVs) are adaptable and rapid mobile platforms that can be applied to several purposes, especially in smart cities. These include traffic observation, environmental monitoring and public safety. The need to realize effective drone forensic processes has mainly been reinforced by drone-based evidence. Drone-based evidence collection and preservation entails accumulating and collecting digital evidence from the drone of the victim for subsequent analysis and presentation. Digital evidence must, however, be collected and analyzed in a forensically sound manner using the appropriate collection and analysis methodologies and tools to preserve the integrity of the evidence. For this purpose, various collection and analysis models have been proposed for drone forensics in the existing literature; several of these models are inclined towards specific scenarios and drone systems. As a result, the literature lacks a suitable and standardized drone-based collection and analysis model devoid of commonalities, which could solve future problems that may arise in the drone forensics field. Therefore, this paper has three contributions: (a) it studies the machine learning approaches in the existing literature in the context of handling drone data to discover criminal actions, (b) it highlights the existing forensic models proposed for drone forensics, and (c) it proposes a novel comprehensive collection and analysis forensic model (CCAFM) applicable to the drone forensics field using the design science research approach. The proposed CCAFM consists of three main processes: (1) acquisition and preservation, (2) reconstruction and analysis, and (3) the post-investigation process. CCAFM contextually leverages the previously proposed models incorporated in this study. CCAFM allows digital forensic investigators to collect, protect, rebuild and examine volatile and non-volatile items from the suspected drone based on scientific forensic techniques. Therefore, it enables the sharing of knowledge on drone forensic investigation among practitioners working in the forensics domain.

    Common investigation process model for internet of things forensics

    Internet of Things Forensics (IoTFs) is a new discipline in digital forensics science used in the detection, acquisition, preservation, rebuilding, analysis and presentation of evidence from IoT environments. The IoTFs discipline still suffers from several issues and challenges that have been documented in the recent past. For example, the heterogeneity of IoT infrastructures has been a key challenge: it makes IoTFs very complex and ambiguous across the various forensic domains. This paper aims to propose a common investigation process for IoTFs using the metamodeling method, called the Common Investigation Process Model (CIPM) for IoTFs. The proposed CIPM consists of four common investigation processes: i) the preparation process, ii) the collection process, iii) the analysis process and iv) the final report process. The proposed CIPM can assist IoTFs users to facilitate, manage and organize the investigation tasks.

    Quantifying the need for supervised machine learning in conducting live forensic analysis of emergent configurations (ECO) in IoT environments

    Machine learning has been shown to be a promising approach for mining larger datasets, such as those that comprise data from a broad range of Internet of Things devices, across complex environment(s) to solve different problems. This paper surveys the existing literature on the potential of using supervised classical machine learning techniques, such as K-Nearest Neighbour, Support Vector Machines, Naive Bayes and Random Forest algorithms, in performing live digital forensics for different IoT configurations. There are also a number of challenges associated with the use of machine learning techniques, as discussed in this paper.

    Comparative analysis of network forensic tools and network forensics processes

    Network Forensics (NFs) is a branch of digital forensics which is used to detect and capture potential digital crimes in computer networked environments. Network Forensic Tools (NFTs) and Network Forensic Processes (NFPs) are able to examine networks, collect all normal and abnormal traffic/data, help in network incident analysis, assist in creating an appropriate incident detection and reaction, and create a forensic hypothesis that can be used in a court of law. They also assist in examining internal incidents and the exploitation of assets and attack goals, in executing threat evaluation, and in evaluating network performance. According to the existing literature, there are quite a number of NFTs and NFPs that are used for the identification, collection, reconstruction and analysis of the chain of incidents that happen on networks. However, they vary and differ in their roles and functionalities. The main objective of this paper, therefore, is to assess the distinctions that exist between Network Forensic Tools (NFTs) and Network Forensic Processes (NFPs). Specifically, this paper focuses on comparing four well-known NFTs: Xplico, OmniPeek, NetDetector and NetIntercept. The outputs of this paper show that the Xplico tool has greater ability to identify, collect, reconstruct and analyse the chain of incidents that happen on networks than the other NF tools.

    CIPM: Common identification process model for database forensics field

    The Database Forensics (DBF) domain is a branch of digital forensics concerned with the identification, collection, reconstruction, analysis and documentation of database crimes. Different researchers have introduced several identification models to handle database crimes. The majority of the proposed models are not specific and are redundant, which makes them problematic because of the multidimensional nature and high diversity of database systems. Accordingly, using the metamodeling approach, the current study aims to propose a unified identification model applicable to the database forensic field. The model integrates and harmonizes all existing identification processes into a single abstract model, called the Common Identification Process Model (CIPM). The model comprises six phases: 1) notifying an incident, 2) responding to the incident, 3) identification of the incident source, 4) verification of the incident, 5) isolation of the database server and 6) provision of an investigation environment. CIPM was found capable of helping practitioners and newcomers to the forensics domain to control database crimes.

    The development of Arabic language teaching at the Darul Qur'an Al-Anwariyah Institute in Tulehu, Central Maluku, from 1963-2010: a descriptive analytical study

    ABSTRACT (translated from Indonesian) Arabic language learning at the Darul Qur'an al-Anwariyah Islamic boarding school (Pondok Pesantren) first began with the study of the Qur'an at the "Nurullathif" Qur'an Education Park (TPQ) in the village of Tulehu, Central Maluku, from 0692 AD until its status changed to an Islamic boarding school in 3110 AD, which it remains today. Naturally, Arabic language learning has developed over time. The aim of this research is to describe the growth of the Darul Qur'an Al-Anwariyah Islamic boarding school and the Arabic language learning there in terms of curriculum, content, methods, learning media and evaluation. This research uses a descriptive qualitative approach, with data collection methods comprising interviews, document collection and triangulation. The instrument used to measure the development of Arabic language learning is the benchmark of Stufflebeam's CIPP Evaluation Program, and the data analysis technique is that of Miles and Huberman: data reduction, data display and data summarising. The result of this research is that there has been development in Arabic language learning from the founding of TPQ "Nurullathif" until its change of status to the Darul Qur'an Al-Anwariyah Islamic boarding school, as measured by the benchmark of Stufflebeam's CIPP evaluation program model. However, in terms of teaching method, this boarding school has never used the Sorogan method, which is commonly used in Arabic language learning at every salafiyah boarding school, because the study of the kitab kuning (classical Islamic texts) is not practised at Darul Qur'an Al-Anwariyah. The author acknowledges that this research still has many shortcomings in general, especially in terms of theory, since the author applied Stufflebeam's CIPP evaluation program only as an instrument to measure the development of Arabic language learning. Therefore, the author encourages future researchers to use Stufflebeam's CIPP evaluation program theory to measure the development of Arabic language learning in Indonesia. ABSTRACT Arabic language learning at the Islamic Boarding School "Darul Qur'an Al-Anwariyah" in Tulehu, Central Maluku, began with Qur'an learning at the Qur'an Education Park "Nurullathif" from 0692 A.D. until it changed to the Islamic Boarding School "Darul Qur'an Al-Anwariyah" from 3110 A.D. until now, and there has certainly been improvement in Arabic language learning over each period. The purposes of this research are to describe the growth of the Islamic Boarding School "Darul Qur'an Al-Anwariyah" and to describe the improvement of Arabic language learning in terms of curriculum, learning content, learning methods, learning media and evaluation. This qualitative research uses in-depth interviews, document collection and triangulation. The instrument of this research is the quality standards of the CIPP program evaluation by Stufflebeam, and the data analysis techniques are based on the Miles and Huberman approach: data reduction, data display and conclusion drawing/verification. The study describes improvements in Arabic language learning from the first year at the Qur'an Education Park "Nurullathif" to the Islamic Boarding School "Darul Qur'an Al-Anwariyah" by the quality standards of the CIPP Evaluation Program by Stufflebeam. However, there was no evolution in the teaching of Arabic in terms of method, as the "Sorogan" method has not been used in Arabic language teaching from the first Qur'an Education Park "Nour Latif" until now, because the students did not learn the Alocefria books. There are certainly many shortcomings of this study in general, especially in terms of theory, since the writer only implemented Stufflebeam's CIPP evaluation program as an instrument to measure the improvement of Arabic learning. To that end, the writer urges further research to use Stufflebeam's CIPP evaluation program theory to measure the development of Arabic learning in Indonesia.

    Detection and prevention of malicious activities on RDBMS relational database management systems

    Insider attacks form the biggest threat to database management systems. Many mechanisms have been developed to detect and prevent insider attacks, known as Detection of Malicious Activities in Database Systems (DEMIDS). DEMIDS is considered one of the last lines of defense of the database security system. Many mechanisms have been developed to detect and prevent misuse activities, such as deleting and updating data on database systems. These mechanisms utilize auditing and profiling methods to detect and prevent malicious activities. However, these mechanisms still have problems detecting misuse activities; for example, they are limited in detecting malicious data within authorized commands. This study addresses these problems by proposing a mechanism that utilizes the dependency relationships among data items to detect and prevent malicious data by calculating the number of relations among data items. If the number of relations among the items does not allow any modification or deletion, the mechanism will classify the activity as malicious. Evaluation parameters such as the detection rate, false positive rate and false negative rate are used to evaluate the accuracy of the proposed mechanism.

    Face Validation of Database Forensic Investigation Metamodel

    Using a face validity approach, this paper provides a validation of the Database Forensic Investigation Metamodel (DBFIM). The DBFIM was developed to solve interoperability, heterogeneity, complexity and ambiguity in the database forensic investigation (DBFI) field, where several models were identified, collected and reviewed to develop DBFIM. However, the developed DBFIM lacked the face validity-based approach that could ensure DBFIM's applicability in the DBFI field. The completeness, usefulness and logic of the developed DBFIM needed to be validated by experts. Therefore, the objective of this paper is to validate the developed DBFIM using the qualitative face validity approach. The face validity method is a common way of validating metamodels through subject expert inquiry on the domain application of the metamodel, to assess whether the metamodel is reasonable and compatible based on the outcomes. For this purpose, six experts were nominated and selected to validate the developed DBFIM. From the expert review, the developed DBFIM was found to be complete, coherent, logical, scalable, interoperable and useful for the DBFI field.