A Methodology To Test The Richness Of Forensic Evidence Of Database Storage Engine: Analysis Of MySQL Update Operation In InnoDB And MyISAM Storage Engines
Abstract
Digital forensic investigation requires forensic evidence data to prove a claimed crime. Forensic evidence can either be volatile or persistent wherein persistent evidence is of great importance while investigating a case in a system that has once been shut down or powered off after the claimed violation since volatile evidence will disappear when the system is powered off. With the possibility of performing database forensic as a file system coupled with the fact that there are several storage engines that can be implemented in a database, there is need to know the forensic implication of using a particular storage engine with focus on how much forensic footprint it leaves behind. This work investigated the impact of MyISAM and InnoDB storage engines in generation of persistent forensic data in MySQL DBMS system. A comparison was done on the number of logs and files affected by an update operation in MySQL DBMS implementing either of the storage engines. It was found that more files were affected in InnoDB than in MyISAM implementation.
Publisher
University of Nairobi
Rights
Attribution-NonCommercial-NoDerivs 3.0 United StatesUsage Rights
http://creativecommons.org/licenses/by-nc-nd/3.0/us/Collections
The following license files are associated with this item: