DocumentCode :
1727505
Title :
InnoDB Database Forensics: Reconstructing Data Manipulation Queries from Redo Logs
Author :
Frühwirt, Peter ; Kieseberg, Peter ; Schrittwieser, Sebastian ; Huber, Markus ; Weippl, Edgar
Author_Institution :
SBA-Res., Vienna, Austria
fYear :
2012
Firstpage :
625
Lastpage :
633
Abstract :
InnoDB is a powerful open-source storage engine for MySQL that has gained much popularity in recent years. This paper proposes methods for forensic analysis of InnoDB databases by analyzing the redo logs, primarily used for crash recovery within the storage engine. This new method can be very useful in forensic investigations where the attacker got admin privileges, or was the admin himself. While such a powerful attacker could cover tracks by manipulating the log files intended for fraud detection, data cannot be changed easily in the redo logs. Based on a prototype implementation, we show methods for recovering Insert, Delete and Update statements issued against a database.
Keywords :
SQL; computer forensics; fraud; query processing; storage management; InnoDB database forensics; MySQL; admin privileges; crash recovery; data manipulation query reconstruction; delete statement recovery; forensic analysis; forensic investigations; fraud detection; insert statement recovery; log file manipulation; open-source storage engine; prototype implementation; redo logs; update statement recovery; Computer crashes; Digital forensics; Engines; Indexes; Navigation; InnoDB; databases; digital forensics; log files;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Availability, Reliability and Security (ARES), 2012 Seventh International Conference on
Conference_Location :
Prague
Print_ISBN :
978-1-4673-2244-7
Type :
conf
DOI :
10.1109/ARES.2012.50
Filename :
6329240