Recovery method of deleted records and tables from ESE database
- Authors
- Kim, Jeonghyeon; Park, Aran; Lee, Sangjin
- Issue Date
- 7-8월-2016
- Publisher
- ELSEVIER SCI LTD
- Keywords
- ESE database analysis; ESE database forensic; Windows forensic
- Citation
- Digital Investigation, v.18, pp.S118 - S124
- Indexed
- SCIE
SCOPUS
- Journal Title
- Digital Investigation
- Volume
- 18
- Start Page
- S118
- End Page
- S124
- URI
- https://scholar.korea.ac.kr/handle/2021.sw.korea/87830
- DOI
- 10.1016/j.diin.2016.04.003
- ISSN
- 1742-2876
- Abstract
- The Extensible Storage Engine (ESE) database is a data storage technology developed by Microsoft. It is mainly used by Windows OS and its web browser. It is possible to easily delete a table or a record in the database using the ESENT API. However, there are insufficient papers and relevant information how about recovering deleted records. Previous works apply only to some tables and fail to recover deleted data perfectly. In this paper, we analyzed the structure of the ESE database and present a general-use technique to recover deleted records and tables. We developed a tool to implement the technique, and assessed the performance of the proposed tool. (C) 2016 The Author(s). Published by Elsevier Ltd.
- Files in This Item
- There are no files associated with this item.
- Appears in
Collections - School of Cyber Security > Department of Information Security > 1. Journal Articles
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.