Today´s database management systems implement sophisticated access control mechanisms to prevent unauthorized access and modifications. This is, as an example, an important basic requirement for SOX (Sarbanes-Oxley Act) compliance, whereby every past transaction has to be traceable at any time. However,malicious database administrators may still be able to bypass the security mechanisms to make hidden modifications to the database.
In this paper we define a novel signature of a B+-Tree, a widely-used storage structure in database management systems, and propose its utilization for supporting the logging in databases. This additional logging mechanism is especially useful in combination with forensic techniques that directly target the underlying tree-structure of an index. The applicability of the approach is demonstrated by proposing techniques for applying this signature in the context of digital forensics on B+-Trees.