Methodologies for Detecting Covert Database

Forensic accounting has recently gained great attention in the accounting and computer forensic fields since government regulations such as Health Insurance Portability and accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), sarbanes-oxley Act~cite{b1} (SOX) were introduced in the United States. Although these regulations force corporations to provide financial transparency, they still commit accounting frauds such as slush fund or tax evasion. moreover, companies have substituted paper-work with IT systems such as DBMS (database management system), EDMS (electronic document management system), and ERP (Enterprise Resource Planning) system. Since the majority of corporations use DBMS we should focus our attention on discovering financial information in a database server. However, frauds are difficult to observe and detect because the perpetrators did their best to conceal their fraudulent activities. In particular, we need to consider the case of a covert database server. This paper proposes a methodology for detecting covert database server, which would be helpful for forensic investigators. Therefore, we describe an example of covert database server and suggest several detection techniques. Finally, we provide our methodology according to classification of investigation cooperation.