• DocumentCode
    1727505
  • Title

    InnoDB Database Forensics: Reconstructing Data Manipulation Queries from Redo Logs

  • Author

    Frühwirt, Peter ; Kieseberg, Peter ; Schrittwieser, Sebastian ; Huber, Markus ; Weippl, Edgar

  • Author_Institution
    SBA-Res., Vienna, Austria
  • fYear
    2012
  • Firstpage
    625
  • Lastpage
    633
  • Abstract
    InnoDB is a powerful open-source storage engine for MySQL that has gained much popularity in recent years. This paper proposes methods for forensic analysis of InnoDB databases by analyzing the redo logs, which are primarily used for crash recovery within the storage engine. This new method can be very useful in forensic investigations where the attacker got admin privileges, or was the admin himself. While such a powerful attacker could cover tracks by manipulating the log files intended for fraud detection, data cannot be changed easily in the redo logs. Based on a prototype implementation, we show methods for recovering Insert, Delete and Update statements issued against a database.
  • Keywords
    SQL; computer forensics; fraud; query processing; storage management; InnoDB database forensics; MySQL; admin privileges; crash recovery; data manipulation query reconstruction; delete statement recovery; forensic analysis; forensic investigations; fraud detection; insert statement recovery; log file manipulation; open-source storage engine; prototype implementation; redo logs; update statement recovery; Computer crashes; Digital forensics; Engines; Indexes; Navigation; InnoDB; databases; digital forensics; log files;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Availability, Reliability and Security (ARES), 2012 Seventh International Conference on
  • Conference_Location
    Prague
  • Print_ISBN
    978-1-4673-2244-7
  • Type

    conf

  • DOI
    10.1109/ARES.2012.50
  • Filename
    6329240