Threats to privacy in the forensic analysis of database systems.

The use of any modern computer system leaves unintended traces of expired data and remnants of users' past activities. In this paper, we investigate the unintended persistence of data stored in database systems. This data can be recovered by forensic analysis, and it poses a threat to privacy. First, we show how data remnants are preserved in database table storage, the transaction log, indexes, and other system components. Our evaluation of several real database systems reveals that deleted data is not securely removed from database storage and that users have little control over the persistence of deleted data. Second, we address the problem of unintended data retention by proposing a set of system transparency criteria: data retention should be avoided when possible, evident to users when it cannot be avoided, and bounded in time. Third, we propose specific techniques for secure record deletion and log expunction that increase the transparency of database systems, making them more resistant to forensic analysis.