Digital Forensic Innodb Database Engine for Employee Performance Appraisal Application

Digital Forensic Innodb Database Engine for Employee Performance Appraisal Application

125 E3S W eb of C onferences , 25002 (2019) https://doi.org/10.1051/e3sconf/201912525002 ICENIS 2019 Digital Forensic InnoDB Database Engine for Employee Performance Appraisal Application Daniel Yeri Kristiyanto1,*, Bambang Suhartono2 and Agus Wibowo1 1Department of Computer Systems, School of Electronics and Computer Science, Semarang - Indonesia 2 Department of Electrical Engineering, School of Electronics and Computer Science, Semarang – Indonesia Abstract. Data is something that can be manipulated by irresponsible people and causing fraud. The use of log files, data theft, unauthorized person, and infiltration are things that should be prevented before the problem occurs. The authenticity of application data that evaluates the performance of company employees is very crucial. This paper will explain how to maintain the company’s big data as a valid standard service to assess employee performance database, based on employee performance of MariaDB or MySQL 5.0.11 with InnoDB storage engine. The authenticity of data is required for decent digital evidence when sabotage occurs. Digital forensic analysis carried out serves to reveal past activities, record time and be able to recover deleted data in the InnoDB storage engine table. A comprehensive examination is carried out by looking at the internal and external aspects of the Relational Database Management System (RDBMS). The result of this research is in the form of forensic tables in the InnoDB engine before and after sabotage occurs. Keywords: Data log; data analytics; artefact digital; sabotage; InnoDB; penetration test. 1 Introduction research uses NTFS (New Technology File System). NTFS is very good for digital forensic analysis with At present almost all companies have a database system extensive application support [5, 6]. [1]. Information is formed quickly and is a basic Analysis of the data contained in a database, it requirement of a company [2, 3]. Companies that already requires deep knowledge of the data which is to know have a computer-based information system (CBIS) have the data is formed, created and manipulated [7, 8]. The stored their information into a database management expectation of the results of the knowledge is a clear, system. This information is crucial and is used as the consistent and explicit statement regarding the result of main tool to make decisions about the performance of the analysis. The main objective of this research is to be employees in the company [3]. Results and information able to analyze the MariaDB or MySQL database that on forensic databases can be used for several reasons [4, uses the InnoDB engine with the main function to asses 5]. First, find out how safe the data in the company is employee performance. MariaDB is a multiuser database stored. The company wants to know whether certain that has one daemon, so it does not have wrapping as privileges can be violated or even damaged related to the found in Apache + suexec/cgiwrap. Users who use the database they have. Second, the results of forensic MariaDB database have access to all databases contained databases can be used to prevent unwanted events. Early in the data directory, namely /mysql/data. MariaDB and detection and analysis of attacks on the database must be MySQL already have excellent access privilege systems, able to be analyzed. Third, companies that have but bugs in MariaDB code or even configuring the databases that contain employee data certainly concern privilege system can potentially open a database the interest of many people’s privacy, thus authentic containing important secrets that should have limited verification of each employee’s data is needed for a access. The in-file and out-file data in the MariaDB more specific purpose, namely being able to guarantee database are two things that can become security correct and fair data. loopholes by replacing the database remotely. File systems are very important for data integrity, This study explains the structure and architecture of a performance, and ease of administration. The integrity of database that is owned by a company. The CBIS in the data in a database is absolute because all forms of form of employee performance appraisers. Data that is corrupt data must be prevented [5]. Database owned by the company will be reconstructed by looking performance aspects are seen from the speed and at the cluster file system. The results of digital forensic stability of processing large companies’ data as well as analysis are used to detect whether there is sabotage or the ease of data administration that influences database not. performance. The file system in the employee appraisal * Corresponding author: [email protected] © The Authors, published by EDP Sciences. This is an open access article distributed under the terms of the Creative Commons Attribution License 4.0 (http://creativecommons.org/licenses/by/4.0/). 125 E3S W eb of C onferences , 25002 (2019) https://doi.org/10.1051/e3sconf/201912525002 ICENIS 2019 The first discussion in this paper is about internal adopted an integrated digital forensic process model checks on MariaDB, settings used in MariaDB, access framework adapted to research. privileges, connection control checks, chroot checking, The researcher acquired the NTFS file system where local in-file data load checking, and SSL-based the MariaDB database was placed using digital forensic connection checks. The second is a simple SQL-table applications. Cluster acquisition in the database internal explanation and looks for the relevance between application performance appraisal employees have the keys, data types and other components of the database main target, namely information from the tables in the compiler. The third is the identification of acts of database include general table information, primary sabotage against the database. keys, field definitions, data storage checks. The internal investigation includes checking the database engine which is the default used by MariaDB. 2 Research Method MariaDB stores all information on each table into the MariaDB is the most popular open source RDBMS .frm file. The filename is created automatically when a server. MariaDB is a free version of MySQL, so both table is formed through the create_frm () function in the have the same database engine. MariaDB database file /sql/table.cc. Each .frm file in the table by default security analysis used for corporate performance app has a limit of is exceeded. MariaDB engine will truncate assessment. It is analyzed from several aspects, which to prevent overflow or error. Forensic data analysis of according to the author are crucial from a data security the application of the employee performance appraisal perspective. website in this study adopted an integrated digital forensic process model framework adapted to research. The researcher acquired the NTFS file system where 2.1. External Investigation the MariaDB database was placed using digital forensic applications. Cluster acquisition in the database 2.1.1 Investigation the Installation of Database application performance appraisal employees have the Engines main target, namely information from the tables in the database include general table information, primary Installation of the MariaDB database engine in the keys, field definitions, data storage checks. employee performance app assessment in this study was analyzed by looking at the machines installed separately 2.3 Identification of Sabotage or not separately[5]. The potential for sabotage of engine installations is analyzed through various open ports Sabotage is an action that is planned, organized by a including internet ports (80) and (3306). Furthermore, person or organization intentionally with a particular the investigation is intended to see the “Shell” target area to cause damage, loss, original data changes, configuration for each user whether the default or has a and destruction both physically and non-physically [11]. private configuration. The database is a source of company activity. To identify database sabotage that passes through a network, the 2.1.2 Access Privilege network traffic of the researcher reads the traffic pattern, if abnormal indications are seen on IP seen as private Privileged access systems are very important for a digital addresses using NAT, the IP does not appear frequently forensic study [9]. Allegations of a case of sabotage will in the log, time-stamp is too close, source port and the be directed into this passage. Employee appraisers in this sequence number that rises simultaneously is this guide study will analyze the access rights of each user, used by researchers to carry out forensic analysis with analyzing the user is very important to find sabotage suspected attacks on the MariaDB server. agents, because sabotage is usually carried out by people Changes to database files are checked based on the who know for sure the information system used by the connection between binary log files and the user record. company. Ideally, for the security of shared hosting This check is needed to prove the consistency of all servers, each administrator is only permitted to access tables in the database based on transaction ID in each one database [10]. record, if there is a change in data not within the reporting range, which should be based on log databases and network logs, it is matched with the company’s 2.2 Internal Investigation routine reporting, and then acts of sabotage are ensured. The internal investigation includes checking the database engine which is the default used by MariaDB [4]. 3 Result and Discussion MariaDB stores all information on each table into the .frm file. The filename is created automatically when a table is formed through the create_frm () function in the 3.1. Knowledge Based Digital Forensic file /sql/table.cc. Each .frm file in the table by default Information gathering and observation are the first steps has a limit of 4 GB if this limit is exceeded then the taken to complete digital forensic analysis of InnoDB MariaDB engine will truncate to prevent overflow or database engine application to evaluate employee error.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    8 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us