
Introduction

Suspicious transactions are created with the intention of allowing money that has been
gained unlawfully to be used for legitimate purposes while concealing the true source of the
cash from government authorities. Information that is kept in a database and that complies
with organizational standards and requirements. A professional workforce is required because
manually detecting suspicious behaviour or analysing logs is a laborious task.
Database forensics can be used to identify the log entries and examine the data. This
study focuses on database transactions to identify the risk of transactions that seem suspicious.
This process gives vital information to the digital investigator or auditor.
Analysis
Banks are advised to follow the customer identification procedure when opening any new
account and to monitor banking transactions that are of a suspicious nature. These
reports are sent to the appropriate authority. The three government acts PCI, HIPAA and
Sarbanes-Oxley have a significant impact on database auditing requirements. Activity
monitoring should align with the business value of the information stored in the database and
with the policies and needs of the organization. Finding suspicious activity manually or
through log analysis requires skilled staff, as it is a tedious process. Database forensics can be
used to identify the log entries and analyze the information. The information retrieved
from audit logs is used to analyze undetected values with a rule-based Bayesian
classification algorithm. Dempster-Shafer's theory of evidence is then applied, which gives the
risk level of the transactions being suspicious. Thus, this research monitors the database
transactions to detect the risk level of the suspicious transactions. This procedure provides the
digital investigator or auditor with crucial information.
• Transaction Monitoring with Database Forensics
This is the first stage, where the database audit logs are monitored for transactions to
record database activity and flag any suspicious or illegal behaviour. The key
artifacts are obtained from the Oracle database's existing capabilities.
• DST Analysis
The transactions are assigned probabilities on a 0–1 scale based on the evidence
determined in the first stage.
In the second stage, the Degree of Belief Bel(s) and Plausibility Pl(s)
values of the transactions are measured using an equation that combines the different
pieces of evidence retrieved from audit logs.

• Evaluation Metrics
In digital forensic analysis, results with high precision (no false positives) and high
recall (no false negatives) are considered to be ideal investigator
performance.
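
The DST Analysis stage above, as an added worked example (not code or an equation from the study): it combines two mass functions over the frame {s, ~s} with Dempster's rule of combination and derives Bel(s), Pl(s) and Pl(~s). The mass values and the "rule A / rule B" labels are constructed for illustration.

```python
from itertools import product

S, NOT_S = frozenset({"s"}), frozenset({"~s"})
THETA = S | NOT_S  # whole frame {s, ~s}: evidence that cannot decide

def combine(m1, m2):
    """Dempster's rule: multiply masses, keep non-empty intersections, renormalise."""
    joint, conflict = {}, 0.0
    for (a, wa), (b, wb) in product(m1.items(), m2.items()):
        common = a & b
        if common:
            joint[common] = joint.get(common, 0.0) + wa * wb
        else:
            conflict += wa * wb  # mass on contradictory pairs (s vs ~s)
    if conflict >= 1.0:
        raise ValueError("evidence is totally conflicting; cannot combine")
    return {k: v / (1.0 - conflict) for k, v in joint.items()}

def belief(m, hyp):
    """Bel(hyp): mass committed to subsets of hyp."""
    return sum(w for focal, w in m.items() if focal <= hyp)

def plausibility(m, hyp):
    """Pl(hyp): mass that does not contradict hyp."""
    return sum(w for focal, w in m.items() if focal & hyp)

def assess(evidence):
    """Fuse all evidence for one account and report Bel(s), Pl(s), Pl(~s)."""
    for m in evidence:
        if abs(sum(m.values()) - 1.0) > 1e-9:
            raise ValueError("each mass function must sum to 1")
    fused = evidence[0]
    for m in evidence[1:]:
        fused = combine(fused, m)
    return {"Bel(s)": belief(fused, S), "Pl(s)": plausibility(fused, S),
            "Pl(~s)": plausibility(fused, NOT_S)}

# Constructed masses for one hypothetical account (not data from the study).
EVIDENCE = [
    {S: 0.6, THETA: 0.4},              # hypothetical audit-log rule A fired
    {S: 0.5, NOT_S: 0.2, THETA: 0.3},  # hypothetical rule B, partly exculpatory
]

if __name__ == "__main__":
    for name, value in assess(EVIDENCE).items():
        print(f"{name} = {value:.4f}")
```

When every input mass function sums to 1, Bel(s) and Pl(~s) each lie in [0, 1] and add up to 1, which is a quick sanity check on any reported pair.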

Findings
Based on the evidence and DST-based results for Account Id 44, the investigator has
Bel(s) = 0.3269 and Pl(∼s) = 0.6730, so the transactions are considered less suspicious.
The degree of plausibility Pl(∼s) here indicates that the transactions are probably genuine,
and therefore less suspicious. For Account Id 35, on the other hand, the investigator has
Bel(s) = 2.5428 and Pl(∼s) = −1.5428, so the transactions are considered more suspicious. The
degree of plausibility Pl(∼s) here indicates that the transactions are probably less genuine,
and therefore more suspicious.

In digital forensic analysis, results with high precision (no false positives) and high recall
(no false negatives) are considered to be ideal investigator performance. The proposed
system has 97% accuracy for digital investigations, with supporting information to
resolve the uncertainty of a problem.

Conclusion
Most systems still rely on manual intervention and conventional data mining methods to find
suspicious transactions. This research report suggests adding database forensic techniques as
a new layer for accounting databases. An Oracle-based banking database implementation has
been used to successfully verify it. By using database artifacts, the system can be expanded to
include more evidentiary values and new rules for outlier detection. The accuracy,
dependability, and accountability of this strategy have been improved by the use of a
rule-based component, Dempster-Shafer theory (DST), and Belief and Plausibility functions,
demonstrating it to be the perfect methodology for identifying suspicious transactions.
