A Forensic Examination of Database Slack

This research includes an examination and analysis of the phenomenon of database slack.<br>Database forensics is an underexplored subfield of Digital Forensics, and the lack of research is<br>becoming more important with every breach and theft of data. A small amount of research exists<br>in the literature regarding database slack. This exploratory work examined what partial records of<br>forensic significance can be found in database slack. A series of experiments performed update<br>and delete transactions upon data in a PostgreSQL database, which created database slack.<br>Patterns of hexadecimal indicators for database slack in the file system were found and analyzed.<br>Despite limitations in the experiments, the results indicated that partial records of forensic<br>significance are found in database slack. Significantly, partial records found in database slack<br>may aid a forensic investigation of a database breach. The details of the hexadecimal patterns of<br>the database slack fill in gaps in the literature, the impact of log findings on an investigation was<br>shown, and complexity aspects back up existing parts of database forensics research. This<br>research helped to lessen the dearth of work in the area of database forensics as well as database slack.<br>