CR · Aug 12, 2021

CIPM: Common Identification Process Model for Database Forensics Field

arXiv:2108.05571v1 · 6 citations
Originality: Synthesis-oriented
AI Analysis

This paper addresses the need for a standardized approach in the Database Forensics field, but it is incremental because it builds upon existing models.

The study tackled the problem of redundant and non-specific identification models in Database Forensics by proposing a unified Common Identification Process Model (CIPM) that integrates existing processes into a single abstract model with six phases, aimed at helping practitioners control database crimes.

The Database Forensics (DBF) domain is a branch of digital forensics concerned with the identification, collection, reconstruction, analysis, and documentation of database crimes. Different researchers have introduced several identification models to handle database crimes. The majority of the proposed models are not specific and are redundant, which makes them problematic given the multidimensional nature and high diversity of database systems. Accordingly, using the metamodeling approach, the current study aims to propose a unified identification model applicable to the database forensics field. The model integrates and harmonizes all existing identification processes into a single abstract model, called the Common Identification Process Model (CIPM). The model comprises six phases: 1) notifying an incident, 2) responding to the incident, 3) identification of the incident source, 4) verification of the incident, 5) isolation of the database server, and 6) provision of an investigation environment. CIPM was found capable of helping practitioners and newcomers to the forensics domain to control database crimes.
