Browse > Article
http://dx.doi.org/10.3745/KTCCS.2017.6.12.487

A Study on the Improvement Method of Deleted Record Recovery in MySQL InnoDB  

Jung, Sung Kyun (고려대학교 정보보호대학원 정보보호학과)
Jang, Jee Won (고려대학교 정보보호대학원 정보보호학과)
Jeoung, Doo Won (고려대학교 정보보호대학원 정보보호학과)
Lee, Sang Jin (고려대학교 정보보호대학원)
Publication Information
KIPS Transactions on Computer and Communication Systems / v.6, no.12, 2017 , pp. 487-496 More about this Journal
Abstract
In MySQL InnoDB, there are two ways of storing data. One is to create a separate tablespace for each table and store it separately. Another is to store all table and index information in a single system tablespace. You can use this information to recover deleted data from the record. However, in most of the current database forensic studies, the former is actively researched and its structure is analyzed, whereas the latter is not enough to be used for forensics. Both approaches must be analyzed in terms of database forensics because their storage structures are different from each other. In this paper, we propose a method for recovering deleted records in a method of storing records in IBDATA file, which is a single system tablespace. First, we analyze the IBDATA file to reveal its structure. And introduce delete record recovery algorithm which extended to an unallocated page area which was not considered in the past. In addition, we show that the recovery rate is improved up to 68% compared with the existing method through verification using real data by implementing the algorithm as a tool.
Keywords
Database Forensic; MySQL InnoDB; File-Per-Table; IBDATA; Record Recovery;
Citations & Related Records
Times Cited By KSCI : 3  (Citation Analysis)
연도 인용수 순위
1 D. C. Lee and S. J. Lee, "Research of organized data extraction method for digital investigation in relational database system," Journal of the Korea Institute of Information Security and Cryptology, Vol.22, No.3, pp.565-573, 2012.
2 R. Harris, "Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem," Digital Investigation, Vol.3, pp.44-49, 2006.   DOI
3 Solid IT, DB-Engines Ranking [Internet], http://db-engines.com/en/ranking
4 Oracle, Benefits of Using InnoDB Tables [Internet], https://dev.mysql.com/doc/refman/5.7/en/innodb-benefits.html
5 H. K. Khanuja and D. S. Adane. "A framework for database forensic analysis," Computer Science & Engineering, Vol.2, No.3, p.27, 2012.   DOI
6 P. Fruhwirt, M. Huber, M. Mulazzani, and E. R. Weippl, "Innodb database forensics," Advanced Information Networking and Applications (AINA), 2010 24th IEEE International Conference on., IEEE, pp.1028-1036, 2010.
7 P. Fruhwirt, P. Kieseberg, S. Schrittwieser, M. Huber, and E. Weippl, "InnoDB database forensics: Enhanced reconstruction of data manipulation queries from redo logs," Information Security Technical Report, Vol.17, No.4, pp.227-238, 2013.   DOI
8 J. Wagner, A. Rasin, and J. Grier, "Database image content explorer: Carving data that does not officially exist," Digital Investigation, Vol.18, pp.S97-S107, 2016.   DOI
9 W. S. Noh, S. M. Jang, C. H. Kang, K. M. Lee, and S. J. Lee, "The Method of Deleted Record Recovery for MySQL MyISAM Database," Journal of the Korea Institute of Information Security & Cryptology, Vol.26, No.1, pp.125-134, 2016.   DOI
10 J. Jang, D. Jeoung, and S. J. Lee, "The Recovery Method for MySQL InnoDB Using Feature of IBD Structure," KIPS Transactions on Computer and Communication Systems, Vol.6, No.2, pp.59-66, 2017, DOI: 10.3745/KTCCS.2017.6.2.059.   DOI
11 Oracle, InnoDB Tablespaces [Internet], https://dev.mysql.com/doc/refman/5.7/en/innodb-tablespace.html