Digital forensic investigation requires forensic evidence data to prove a claimed crime. With the possibility of performing database forensic as a file system coupled with the fact that there are several storage engines that can be implemented in a database, there is need to know the forensic implication of using a particular storage engine with focus on how much forensic footprint it leaves behind. This work investigated the impact of MyISAM and InnoDB storage engines in generation of persistent forensic data in MySQL DBMS system. A comparison was done on the number of logs and files affected by an update operation in MySQL DBMS implementing either of the storage engines by comparing file metadata before and after UPDATE operation. It was found that more files were affected in InnoDB than in MyISAM implementation.
Artifacts, Digital evidence, Database Management System, Relational Database Management System, Metadata
To return to the Volume/Number webpage, click here.
THE INTERNATIONAL JOURNAL OF FORENSIC COMPUTER SCIENCE - IJoFCS
Volume 12, Number 1, pages 08-17, DOI: 10.5769/J201701001 or http://dx.doi.org/10.5769/J201701001
A Methodology to Test the Richness of Forensic Evidence of Database Storage Engine: Analysis of MySQL Update Operation in InnoDB and MyISAM Storage Engines
By James O. Ogutu, and Elisha O. Abade
To download this paper, click here.