During a database forensic investigation, an analyst discovers that multiple rows in a MySQL table have been deleted. The binary logs are enabled. Which approach should the analyst use to recover the deleted data?
Trap 1: Restore the transaction log files from backup and mount them to…
Transaction logs (redo logs) are not designed for direct recovery of deleted rows; binary logs are used.
Trap 2: Use the 'SHOW UNDO' command to retrieve the deleted rows from undo…
MySQL does not have a SHOW UNDO command.
Trap 3: Query the information_schema database to retrieve deleted rows from…
Information_schema contains metadata, not actual row data.
- A
Restore the transaction log files from backup and mount them to recover the deleted rows.
Why wrong: Transaction logs (redo logs) are not designed for direct recovery of deleted rows; binary logs are used.
- B
Use the 'SHOW UNDO' command to retrieve the deleted rows from undo tablespace.
Why wrong: MySQL does not have a SHOW UNDO command.
- C
Query the information_schema database to retrieve deleted rows from the data dictionary.
Why wrong: Information_schema contains metadata, not actual row data.
- D
Parse the binary logs using mysqlbinlog to extract the DELETE statements and reconstruct the lost data.
Binary logs record all data changes; mysqlbinlog can output the SQL statements, including deletes.