Database Management Systems generate a multitude of data copies as part of their normal operation. For example, a materialized view stores the pre-computed results of a query drawn from the data tables in order to improve query performance. An index contains a copy of values from the indexed column(s) combined with a pointer back to the source table in order to speed up record access. Many other copies of data are created by DBMS engine actions such as caching, log entries, or internal storage defragmentation. These and other internal copies of data can be extracted from DBMS storage with the help of database carving and used for evidence of database tampering or storage corruption.
ODSA: Open Database Storage Access. Wagner, J. Rasin, A. Malik, T. Grier, J. , Extending Database Technology (EDBT), 2020. Paper
DF-toolkit: interacting with low-level database storage. Wagner, J. Rasin, A. Heart, K. Malik, T. Grier, J. , Proceedings of the VLDB Endowment, 2020. Paper
Where Provenance in Database Storage. Rasin, A. Malik, T. Wagner, J. Kim, C. , International Provenance and Annotation Workshop, 2018. Paper
Detecting database file tampering through page carving. Wagner, J. Rasin, A. Heart, K. Malik, T. Furst, J. Grier, J. , 21st International Conference on Extending Database Technology, 2018. Paper
Database forensic analysis with DBCarver. Wagner, J. Rasin, A. Malik, T. Heart, K. Jehle, H. Grier, J. , CIDR 2017, 8th Biennial Conference on Innovative Data Systems Research, 2017. Paper
