Web application mainly consists of the database of book store, hospital management, banking etc. These databases can be used for the practically implementation. To access these databases administrator provides the authority to users, but authorized users took the misuse of that authority for performing illegal activity on database & try to hide illegal activity. It is the critical task to find out such illegal activity called tampering. The attacker can leave the evidence behind that can be collected by certain ways by forensic tools for the purpose of further investigations.