JCP 2014 Vol.9(11): 2538-2544 ISSN: 1796-203X
doi: 10.4304/jcp.9.11.2538-2544
doi: 10.4304/jcp.9.11.2538-2544
A Forensic Analysis Method for Redis Database Based on RDB and AOF File
Ming Xu, Xiaowei Xu, Jian Xu, Yizhi Ren, Haiping Zhang, and Ning Zheng
College of Computer, Hangzhou Dianzi University, Hangzhou, China
Abstract—Redis is a widely used non-relational and in-memory database system. It holds a large amount of information both in memory and file system, which is of great significance to forensic analysis. This paper mainly proposes a forensic analysis method for Redis based on RDB and AOF file. A method of extracting useful information from RDB backup file is proposed based on the data storage mechanism described in this paper. A method of reconstructing the write operation statements from AOF file is also provided. Finally, the method of directly analyzing data from memory is shown. The experimental results demonstrate the effectiveness of our method. Most of the data could be extracted from RDB and AOF file, which provides important information for forensic investigators.
Index Terms—Redis, NoSQL, database forensics, digital forensics.
Abstract—Redis is a widely used non-relational and in-memory database system. It holds a large amount of information both in memory and file system, which is of great significance to forensic analysis. This paper mainly proposes a forensic analysis method for Redis based on RDB and AOF file. A method of extracting useful information from RDB backup file is proposed based on the data storage mechanism described in this paper. A method of reconstructing the write operation statements from AOF file is also provided. Finally, the method of directly analyzing data from memory is shown. The experimental results demonstrate the effectiveness of our method. Most of the data could be extracted from RDB and AOF file, which provides important information for forensic investigators.
Index Terms—Redis, NoSQL, database forensics, digital forensics.
Cite: Ming Xu, Xiaowei Xu, Jian Xu, Yizhi Ren, Haiping Zhang, and Ning Zheng, "A Forensic Analysis Method for Redis Database Based on RDB and AOF File," Journal of Computers vol. 9, no. 11, pp. 2538-2544, 2014.
General Information
ISSN: 1796-203X
Abbreviated Title: J.Comput.
Frequency: Bimonthly
Abbreviated Title: J.Comput.
Frequency: Bimonthly
Editor-in-Chief: Prof. Liansheng Tan
Executive Editor: Ms. Nina Lee
Abstracting/ Indexing: DBLP, EBSCO, ProQuest, INSPEC, ULRICH's Periodicals Directory, WorldCat,etc
E-mail: jcp@iap.org
-
Nov 14, 2019 News!
Vol 14, No 11 has been published with online version [Click]
-
Mar 20, 2020 News!
Vol 15, No 2 has been published with online version [Click]
-
Dec 16, 2019 News!
Vol 14, No 12 has been published with online version [Click]
-
Sep 16, 2019 News!
Vol 14, No 9 has been published with online version [Click]
-
Aug 16, 2019 News!
Vol 14, No 8 has been published with online version [Click]
- Read more>>