InnoDB Database Forensics
Peter Frühwirt,Marcus Huber,Martin Mulazzani,Edgar Weippl +3 more
- 20 Apr 2010
- pp 1028-1036
TL;DR: This paper will describe the file format of the MySQL Database 5.1.32 with InnoDB Storage Engine, and explain with a practical example of how to reconstruct the data found in the file system of any SQL table.
read more
Abstract: Whenever data is being processed, there are many places where parts of the data are temporarily stored; thus forensic analysis can reveal past activities, create a (partial) timeline and recover deleted data. While this fact is well known for computer forensics, multiple forensic tools exist to analyze data and the systematic analysis of database systems has only recently begun. This paper will describe the file format of the MySQL Database 5.1.32 with InnoDB Storage Engine. It will further explain with a practical example of how to reconstruct the data found in the file system of any SQL table. We will show how to reconstruct the table as it is, read data sets from the file and how to interpret the gained information.
read more
Chat with Paper
AI Agents for this Paper
Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps
Citations
Why Your Encrypted Database Is Not Secure
Paul Grubbs,Thomas Ristenpart,Vitaly Shmatikov +2 more
- 07 May 2017
TL;DR: It is demonstrated how the "snapshot attacker" model used to support the security claims for many encrypted databases does not reflect the information about past queries available in any snapshot attack on an actual DBMS.
75
CDBFIP: Common Database Forensic Investigation Processes for Internet of Things
Arafat Al-Dhaqm,Shukor Abd Razak,Siti Hajar Othman,Kim-Kwang Raymond Choo,William Bradley Glisson,Abdulalem Ali,Mohammad Abrar +6 more
TL;DR: This paper proposes common database forensic investigation processes using a design science research approach that allows the reconciliation of the concepts and terminologies of all common database forensics investigation processes and facilitates the sharing of knowledge on database Forensic investigation among domain newcomers, users, and practitioners.
61
Development and validation of a Database Forensic Metamodel (DBFM).
Arafat Al-Dhaqm,Arafat Al-Dhaqm,Shukor Abd Razak,Siti Hajar Othman,Asri Ngadi,Mohammed Nazir Ahmed,Abdulalem Ali Mohammed +6 more
TL;DR: This work has analysed 60 models of DBF in an attempt to uncover how numerous DBF activities are really public even when the actions vary, and generates a unified abstract view ofDBF in the form of a metamodel.
InnoDB Database Forensics: Reconstructing Data Manipulation Queries from Redo Logs
Peter Frühwirt,Peter Kieseberg,Sebastian Schrittwieser,Markus Huber,Edgar Weippl +4 more
- 20 Aug 2012
TL;DR: Methods for forensic analysis of InnoDB databases by analyzing the redo logs, primarily used for crash recovery within the storage engine are proposed.
Digital Forensics Subdomains: The State of the Art and Future Directions
Arafat Al-Dhaqm,Richard Adeyemi Ikuesan,Victor R. Kebande,Shukor Abd Razak,George Grispos,Kim-Kwang Raymond Choo,Bander Ali Saleh Al-rimy,AbdulRahman A. Alsewari +7 more
TL;DR: In this article, the authors proposed a high-level abstract metamodel, which combines the common investigation processes, activities, techniques, and tasks for digital forensics subdomains.
References
Ubiquitous B-Tree
TL;DR: The major variations of the B-tree are discussed, especially the B+-tree, contrasting the merits and costs of each implementation and illustrating a general purpose access method that uses a B- tree.
2.1K
The Universal B-Tree for Multidimensional Indexing: general Concepts
TL;DR: A new access structure, called UB-tree (for universal B-tree) for multidimensional data, which has multiplicative complexity instead of the additive complexity of multiple secondary indexes and results in dramatic performance improvements over secondary indexes.
192
Threats to privacy in the forensic analysis of database systems
Patrick Stahlberg,Gerome Miklau,Brian Neil Levine +2 more
- 11 Jun 2007
TL;DR: This paper investigates the unintended persistence of data stored in database systems and proposes specific techniques for secure record deletion and log expunction that increase the transparency of database systems, making them more resistant to forensic analysis.
On metadata context in Database Forensics
TL;DR: It is found that databases are inherently multidimensional from a forensic perspective and a notation is introduced to express the meaning of various possible forensic queries within this multiddimensional context.
115
Forensic analysis of database tampering
Kyriacos E. Pavlou,Richard T. Snodgrass +1 more
- 27 Jun 2006
TL;DR: This paper addresses the next problem, that of determining who, when, and what, by providing a systematic means of performing forensic analysis after such tampering has been uncovered by introducing a schematic representation termed a "corruption diagram" that aids in intrusion investigation.