InnoDB Database Forensics: Reconstructing Data Manipulation Queries from Redo Logs

  • Authors:
  • Peter Fruhwirt;Peter Kieseberg;Sebastian Schrittwieser;Markus Huber;Edgar Weippl

  • Venue:
  • ARES '12 Proceedings of the 2012 Seventh International Conference on Availability, Reliability and Security
  • Year:
  • 2012

Abstract

InnoDB is a powerful open-source storage engine for MySQL that has gained much popularity in recent years. This paper proposes methods for forensic analysis of InnoDB databases by analyzing the redo logs, primarily used for crash recovery within the storage engine. This new method can be very useful in forensic investigations where the attacker got admin privileges, or was the admin himself. While such a powerful attacker could cover tracks by manipulating the log files intended for fraud detection, data cannot be changed easily in the redo logs. Based on a prototype implementation, we show methods for recovering Insert, Delete and Update statements issued against a database.