Integrated forensics data collection and analysis model for databases using design science method
2026, vol. 18, no. 1, pp. 105-114
Article [2026-01-10]
Given the availability of database evidence, it is essential to implement effective forensic processes to maintain data integrity. Consequently, collecting and preserving digital evidence from the victim's database is crucial for analysis and presentation. This evidence must be gathered and examined in a forensically sound manner, using appropriate methodologies and tools. Although various collection and analysis models have been proposed in the existing literature, many are tailored to specific scenarios and database types. As a result, there is no universal, standardized model that is free from tailored approaches and suited for future database investigations. Thus, this paper introduces the Integrated Forensics Data Collection and Analysis Model for Databases (IFDCAMD), a unified framework designed to address the lack of standardization and the redundancy in existing database forensic investigation processes. The model integrates key phases, including acquisition, preservation, reconstruction, analysis, and documentation & reporting, into a structured, forensically sound methodology. It aims to streamline investigations and enhance the admissibility of digital evidence, with applicability to post-incident response scenarios. The model's effectiveness is demonstrated through real-world case studies involving both relational (MySQL) and NoSQL (MongoDB) databases.
forensics of databases, investigation of databases, digital forensics, and investigative processes
https://doi.org/10.59035/BIUY1706
Ahmad Alshammari. Integrated forensics data collection and analysis model for databases using design science method. International Journal on Information Technologies and Security, vol. 18, no. 1, 2026, pp. 105-114. https://doi.org/10.59035/BIUY1706