박소현, 김기범,

Vol. 35, No. 2, pp. 205-222, 4월. 2025
10.13089/JKIISC.2025.35.2.205, Full Text:
Keywords: CUBRID Database, Digital Forensics, Anti-forensics, Database Forensics, Decryption Order
Abstract

CUBRID database achieved a market share of 9.13% in the public sector in 2023, making it the leading domestic DBMS. CUBRID is widely adopted by public institutions and small to medium-sized enterprises due to its domestic development, Korean language support, cost-effectiveness based on open-source, and compatibility across various operating systems and platforms. Its demand is expected to continue growing. This study, which addresses the lack of forensic research on CUBRID databases, involved installing CUBRID versions 11.3 and 10.2 on Redhat and Debian-based Linux distributions and creating a pshdb database. The experiments aimed to detect the following anti-forensic techniques: 1) user concealment, 2) steganography detection, 3) SQL injection, 4) xattr data hiding and 5) Blocking evidence creation. The results showed that these anti-forensic techniques can be detected. This research provides foundational data for detecting anti-forensic techniques that may occur in the CUBRID database environment and proposes countermeasures to improve forensic effectiveness. The experiment outlines detection procedures and countermeasures in detail, which will contribute significantly to the future enhancement of CUBRID database security and the application of forensic technologies.

Statistics
Cite this article