Abstract. Whenever data is being processed, there are many places where parts of the data are temporarily stored; thus forensic analysis can reveal past activities, create a (partial) timeline and recover deleted data. While this fact is well known in computer forensics and multiple forensic tools exist to analyze data, the systematic analysis of database systems has only recently begun. This paper will describe the file format of the MySQL Database 5.1.32 with InnoDB Storage Engine. It will further explain, with a practical example, how to reconstruct the data of any SQL table found in the file system. We will show how to reconstruct the table as it is, how to read data sets from the file and how to interpret the gained information.
Abstract. This paper analyzes the web browsing behaviour of Tor users. By collecting HTTP requests we show which websites are of interest to Tor users and we determine an upper bound on how vulnerable Tor users are to sophisticated de-anonymization attacks: up to 78% of the Tor users do not use Tor as suggested by the Tor community, namely to browse the web with TorButton. They could thus fall victim to de-anonymization attacks by merely browsing the web. Around 1% of the requests could be used by an adversary for exploit piggybacking on vulnerable file formats. Another 7% of all requests were generated by social networking sites which leak plenty of sensitive and identifying information. Due to the design of HTTP and Tor, we argue that HTTPS is currently the only effective countermeasure against de-anonymization and information leakage for HTTP over Tor.
Abstract. Today's forensic techniques for databases are primarily focused on logging mechanisms and artifacts accessible in the database management systems (DBMSs). While log files, plan caches, cache clock hands, etc. can reveal past transactions, a malicious administrator's modifications might be much more difficult to detect, because he can cover his tracks by also manipulating the log files and flushing transient artifacts such as caches. The internal structure of the data storage inside databases, however, has not yet received much attention from the digital forensic research community. In this paper, we want to show that the diversity of B+-Trees, a widely used data structure in today's database storage engines, enables deep insight into the database's history. Hidden manipulations such as predated INSERT operations in a logging database can be revealed by our approach. We introduce novel forensic techniques for B+-Trees that are based on characteristics of the tree structure and show how database management systems would have to be modified to even better support tree forensic techniques.