Database forensics is a branch of digital forensic science relating to the forensic study of databases and their related metadata.

Today almost all applications use high performance databases to deal with data. So the database security community are coming up with a number of different techniques and approaches to assure data confidentiality, integrity, and availability. But it is observed that digital attacks are targeting the databases ensuing database security breaches and threats . The outcome is that the existing laws / regulations are specifying investigations and response to security breaches or policy violations.

Information security policy demands auditing for the high performance databases for ensuring data integrity and also to detect database tampering if any. Relational database uses auditing capabilities, which involves examination of information and operations for accuracy, legality and propriety to report risks and to make recommendations to promote sound-operating practices. Database auditing is the process to be carried out on continuous basis. This records and analyzes the database activity for reporting on some period. But the database can be tampered deliberately or accidentally by authorized or unauthorized users at any instance bypassing auditing system too. The suspected behaviour with invalid access to the database must be inspected and analyzed further with database forensics. In this research paper a framework is proposed for analyzing and reconstructing the activity of any unsuspicious behaviour within database. The purpose is to identify, collect, analyze, validate, interpret, generate forensic report and preserve the evidence for digital investigations.