{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,12]],"date-time":"2026-06-12T21:23:00Z","timestamp":1781299380513,"version":"3.54.1"},"reference-count":33,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2008,11,1]],"date-time":"2008-11-01T00:00:00Z","timestamp":1225497600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["IIS-0415101IIS-0639106EIA-0080123"],"award-info":[{"award-number":["IIS-0415101IIS-0639106EIA-0080123"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000145","name":"Division of Information and Intelligent Systems","doi-asserted-by":"publisher","award":["IIS-0415101IIS-0639106EIA-0080123"],"award-info":[{"award-number":["IIS-0415101IIS-0639106EIA-0080123"]}],"id":[{"id":"10.13039\/100000145","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Database Syst."],"published-print":{"date-parts":[[2008,11]]},"abstract":"<jats:p>Regulations and societal expectations have recently expressed the need to mediate access to valuable databases, even by insiders. One approach is tamper detection via cryptographic hashing. This article shows how to determine when the tampering occurred, what data was tampered with, and perhaps, ultimately, who did the tampering, via forensic analysis. We present four successively more sophisticated forensic analysis algorithms: the Monochromatic, RGBY, Tiled Bitmap, and a3D algorithms, and characterize their \u201cforensic cost\u201d under worst-case, best-case, and average-case assumptions on the distribution of corruption sites. A lower bound on forensic cost is derived, with RGBY and a3D being shown optimal for a large number of corruptions. We also provide validated cost formul\u00e6 for these algorithms and recommendations for the circumstances in which each algorithm is indicated.<\/jats:p>","DOI":"10.1145\/1412331.1412342","type":"journal-article","created":{"date-parts":[[2008,12,10]],"date-time":"2008-12-10T15:32:31Z","timestamp":1228923151000},"page":"1-47","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":48,"title":["Forensic analysis of database tampering"],"prefix":"10.1145","volume":"33","author":[{"given":"Kyriacos E.","family":"Pavlou","sequence":"first","affiliation":[{"name":"University of Arizona, Tucson, AZ"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Richard T.","family":"Snodgrass","sequence":"additional","affiliation":[{"name":"University of Arizona, Tucson, AZ"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2008,12,12]]},"reference":[{"key":"e_1_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/1216016.1216018"},{"key":"e_1_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1016\/0306-4379(88)90004-X"},{"key":"e_1_2_2_3_1","first-page":"25","article-title":"Notions of upward compatibility of temporal query languages","volume":"39","author":"Bair J.","year":"1997","journal-title":"Bus. Inform."},{"key":"e_1_2_2_4_1","series-title":"Lecture Notes in Computer Science","volume-title":"Proceedings of the International Conference on Extending Database Technology","author":"Barbar\u00e1 D."},{"key":"e_1_2_2_5_1","unstructured":"Carvey H. and Kleiman D. 2007. Windows Forensics and Incident Recovery Syngres.   Carvey H. and Kleiman D. 2007. Windows Forensics and Incident Recovery Syngres."},{"key":"e_1_2_2_6_1","doi-asserted-by":"crossref","unstructured":"Chan C. C. Lam H. Lee Y. C. and Zhang X. 2004. Analytical Method Validation and Instrument Performance Verification Wiley-IEEE.  Chan C. C. Lam H. Lee Y. C. and Zhang X. 2004. Analytical Method Validation and Instrument Performance Verification Wiley-IEEE.","DOI":"10.1002\/0471463728"},{"key":"e_1_2_2_7_1","unstructured":"CSI\/FBI. 2005. Tenth Annual Computer Crime and Security Survey http:\/\/www.cpppe.umd.edu\/Bookstore\/Documents\/2005CSISurvey.pdf (accessed April 25 2008).  CSI\/FBI. 2005. Tenth Annual Computer Crime and Security Survey http:\/\/www.cpppe.umd.edu\/Bookstore\/Documents\/2005CSISurvey.pdf (accessed April 25 2008)."},{"key":"e_1_2_2_8_1","unstructured":"Department of Defense. 1985. Trusted Computer System Evaluation Criteria. DOD-5200.28-STD http:\/\/www.dynamoo.com\/orange (accessed April 25 2008).  Department of Defense. 1985. Trusted Computer System Evaluation Criteria. DOD-5200.28-STD http:\/\/www.dynamoo.com\/orange (accessed April 25 2008)."},{"key":"e_1_2_2_9_1","volume-title":"Title 21 Code of Federal Regulations (21 CFR Part 11) Electronic records","year":"2008"},{"key":"e_1_2_2_10_1","volume-title":"Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI). USENIX Association","author":"Fu K."},{"key":"e_1_2_2_11_1","volume-title":"Compliance: The effect on information management and the storage industry. Tech. rep","author":"Gerr P. A.","year":"2003"},{"key":"e_1_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1007\/11496137_15"},{"key":"e_1_2_2_13_1","unstructured":"Graham R. L. Knuth D. E. and Patashnik O. 2004. Concrete Mathematics 2nd Ed. Addison--Wesley.   Graham R. L. Knuth D. E. and Patashnik O. 2004. Concrete Mathematics 2nd Ed. Addison--Wesley."},{"key":"e_1_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/BF00196791"},{"key":"e_1_2_2_15_1","unstructured":"HIPAA. 1996. The Health Insurance Portability and Accountability Act. U.S. Dept. of Health & Human Services. http:\/\/www.cms.hhs.gov\/HIPAAGenInfo\/(accessed April 25 2008).  HIPAA. 1996. The Health Insurance Portability and Accountability Act. U.S. Dept. of Health & Human Services. http:\/\/www.cms.hhs.gov\/HIPAAGenInfo\/(accessed April 25 2008)."},{"key":"e_1_2_2_16_1","unstructured":"Hsu W. W. and Ong S. 2004. Fossilization: a process for establishing truly trustworthy records. Tech. rep. RJ 10331 IBM.  Hsu W. W. and Ong S. 2004. Fossilization: a process for establishing truly trustworthy records. Tech. rep. RJ 10331 IBM."},{"key":"e_1_2_2_17_1","volume-title":"Eds","author":"Jensen C. S.","year":"1998"},{"key":"e_1_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/69.334885"},{"key":"e_1_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1511\/2006.62.1008"},{"key":"e_1_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1066157.1066295"},{"key":"e_1_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/319151.319160"},{"key":"e_1_2_2_22_1","unstructured":"Mena J. 2003. Investigative Data Mining for Security and Criminal Detection. Butterworth Heinemann.   Mena J. 2003. Investigative Data Mining for Security and Criminal Detection. Butterworth Heinemann."},{"key":"e_1_2_2_23_1","volume-title":"Proceedings of the 5th Symposium on Operating Systems Design and Implementation (SOSDI). ACM","author":"Muthitacharoen A."},{"key":"e_1_2_2_24_1","unstructured":"Oracle Corporation. 2007. Oracle Database 11g Workspace Manager Overview. Oracle White Paper http:\/\/www.oracle.com\/technology\/products\/database\/workspace_manager\/pdf\/twp_AppDev_Workspace_Manager_11gR1.pdf (accessed April 28 2008).  Oracle Corporation. 2007. Oracle Database 11g Workspace Manager Overview. Oracle White Paper http:\/\/www.oracle.com\/technology\/products\/database\/workspace_manager\/pdf\/twp_AppDev_Workspace_Manager_11gR1.pdf (accessed April 28 2008)."},{"key":"e_1_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1142473.1142487"},{"key":"e_1_2_2_26_1","unstructured":"Pavlou K. E. and Snodgrass R. T. 2006b. The pre-images of bitwise AND functions in forensic analysis. Tech. rep. TimeCenter.  Pavlou K. E. and Snodgrass R. T. 2006b. The pre-images of bitwise AND functions in forensic analysis. Tech. rep. TimeCenter."},{"key":"e_1_2_2_27_1","unstructured":"PIPEDA. 2000. Personal Information Protection and Electronic Documents Act. Bill C-6 Statutes of Canada http:\/\/www.privcom.gc.ca\/legislation\/02_06_01_01_e.asp.  PIPEDA. 2000. Personal Information Protection and Electronic Documents Act. Bill C-6 Statutes of Canada http:\/\/www.privcom.gc.ca\/legislation\/02_06_01_01_e.asp."},{"key":"e_1_2_2_28_1","volume-title":"Public Law No. 107--204, 116 Stat. 745","author":"Sarbanes-Oxley Act U.S."},{"key":"e_1_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/317087.317089"},{"key":"e_1_2_2_30_1","volume-title":"Proceedings of the International Conference on Very Large Databases (VLDB)","author":"Snodgrass R. T."},{"key":"e_1_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/1247480.1247492"},{"key":"e_1_2_2_32_1","volume-title":"Risk Management, and Regulatory Compliance for Pharmaceutical and Healthcare Companies","author":"Wingate G."},{"key":"e_1_2_2_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/1066157.1066203"}],"container-title":["ACM Transactions on Database Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1412331.1412342","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1412331.1412342","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T22:48:51Z","timestamp":1750286931000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1412331.1412342"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008,11]]},"references-count":33,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2008,11]]}},"alternative-id":["10.1145\/1412331.1412342"],"URL":"https:\/\/doi.org\/10.1145\/1412331.1412342","relation":{},"ISSN":["0362-5915","1557-4644"],"issn-type":[{"value":"0362-5915","type":"print"},{"value":"1557-4644","type":"electronic"}],"subject":[],"published":{"date-parts":[[2008,11]]},"assertion":[{"value":"2007-12-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2008-08-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2008-12-12","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}