Title :
InnoDB Database Forensics
Author :
Peter Frühwirt;Marcus Huber;Martin Mulazzani;Edgar R. Weippl
Author_Institution :
Vienna Univ. of Technol., Vienna, Austria
Abstract :
Whenever data is being processed, there are many places where parts of the data are temporarily stored; thus forensic analysis can reveal past activities, create a (partial) timeline and recover deleted data. While this fact is well known for computer forensics, multiple forensic tools exist to analyze data and the systematic analysis of database systems has only recently begun. This paper will describe the file format of the MySQL Database 5.1.32 with InnoDB Storage Engine. It will further explain with a practical example of how to reconstruct the data found in the file system of any SQL table. We will show how to reconstruct the table as it is, read data sets from the file and how to interpret the gained information.
Keywords :
"Forensics","File systems","Database systems","Data analysis","Engines","Data structures","Information analysis","Indexes","Documentation","Protection"
Conference_Titel :
Advanced Information Networking and Applications (AINA), 2010 24th IEEE International Conference on
Print_ISBN :
978-1-4244-6695-5
DOI :
10.1109/AINA.2010.152
