Universiti Teknologi Malaysia Institutional Repository

Simplified database forensic investigation using metamodeling approach

Al-Dhaqm, Arafat Mohammed Rashad (2019) Simplified database forensic investigation using metamodeling approach. PhD thesis, Universiti Teknologi Malaysia, Faculty of Engineering - School of Computing.

[img]
Preview
PDF
1MB

Official URL: http://dms.library.utm.my:8080/vital/access/manage...

Abstract

Database Forensic Investigation (DBFI) domain is a significant field used to identify, collect, preserve, reconstruct, analyze and document database incidents. However, it is a heterogeneous, complex, and ambiguous domain due to the variety and multidimensional nature of database systems. Numerous specific DBFI models and frameworks have been proposed to solve specific database scenarios but there is a lack of structured and unified frameworks to facilitate managing, sharing and reusing of DBFI tasks and activities. Thus, this research developed a DBFI Metamodel (DBFIM) to structure and organize DBFI domain. A Design Science Research Methodology (DSRM) to provide a logical, testable and communicable metamodel was applied in this study. In this methodology, the steps included problem identification, define objectives, design and development, demonstration and evaluation, and communication. The outcome of this study is a DBFIM developed for structuring and organizing DBFI domain knowledge that facilitates the managing, sharing and reusing of DBFI domain knowledge among domain practitioners. DBFIM identifies, recognizes, extracts and matches different DBFI processes, concepts, activities, and tasks from different DBFI models into a developed metamodel, thus, allowing domain practitioners to derive/instantiate solution models easily. The DBFIM was validated using qualitative techniques: comparison against other models; face validity (domain experts); and case study. Comparisons against other models and face validity were applied to ensure completeness, logicalness, and usefulness of DBFIM against other DBFI domain models. Following this, two case studies were selected and implemented to demonstrate the applicability and effectiveness of the DBFIM in the DBFI domain using a DBFIM Prototype (DBFIMP). The results showed that DBFIMP allowed domain practitioners to create their solution models easily based on their requirements.

Item Type:Thesis (PhD)
Uncontrolled Keywords:Database Forensic Investigation (DBFI), DBFIM, domain knowledge
Subjects:Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions:Computing
ID Code:98147
Deposited By: Yanti Mohd Shah
Deposited On:14 Nov 2022 10:22
Last Modified:14 Nov 2022 10:22

Repository Staff Only: item control page