InnoDB database forensics: Enhanced reconstruction of data manipulation queries from redo logs |
| |
Authors: | Peter Frühwirt, Peter Kieseberg, Sebastian Schrittwieser, Markus Huber, Edgar Weippl |
| |
Affiliation: | SBA Research gGmbH, Favoritenstraße 16, 1040 Vienna, Austria |
| |
Abstract: | The InnoDB storage engine is one of the most widely used storage engines for MySQL. This paper discusses possibilities of utilizing the redo logs of InnoDB databases for forensic analysis, as well as the extraction of the information needed from the MySQL definition files, in order to carry out this kind of analysis. Since the redo logs are internal log files of the storage engine and thus cannot easily be changed undetected, this forensic method can be very useful against adversaries with administrator privileges, who could otherwise cover their tracks by manipulating traditional log files intended for audit and control purposes. Based on a prototype implementation, we show methods for recovering Insert, Delete and Update statements issued against a database. |
| |
Keywords: | MySQL; InnoDB; Digital forensics; Databases; Log files |
This article is indexed in ScienceDirect and other databases. |
|