SQL Lab — Database Forensics (Hard)

🖥️

SQL Terminal

📚

Reference

📌 OBJECTIVES — NO HINTS

○Parse audit log for suspicious time window

○Identify all DML in the 02:00-04:00 window

○Use binlog to reconstruct deleted rows

○Trace user session to specific account

○Quantify data exfiltration scope

○Recover deleted transaction records

○Produce timestamped forensic timeline

0 / 7 complete

SQL TERMINAL — DATABASE FORENSICS (HARD)

MySQL 8.0 — Lab environment loaded Database Forensics (Hard) — Hard tier · No syntax hints provided ⚠ This lab tests independent problem-solving. Reference window available. ──────────────────────────────

mysql>

COMMAND REFERENCE

AVAILABLE COMMANDS

SELECT * FROM mysql.general_log WHERE event_time BETWEEN '2024-01-16 02:00:00' AND '2024-01-16 04:00:00';
SELECT * FROM audit_log WHERE user_host LIKE 'app_user%' AND command_type='Query' ORDER BY event_time;
mysqlbinlog --start-datetime='2024-01-16 02:00:00' --stop-datetime='2024-01-16 04:00:00' binlog.000012
SELECT * FROM information_schema.PROCESSLIST WHERE USER='app_user';
SELECT COUNT(*), SUM(amount) FROM transactions WHERE created_at BETWEEN '2024-01-16 02:00' AND '2024-01-16 04:00';
INSERT INTO transactions_recovery SELECT * FROM transactions_binlog_restore WHERE deleted_at IS NOT NULL;

Type keywords from the command list. The terminal will recognise your intent even if the exact syntax differs.

MISSION BRIEFING

DB FORENSICS — IRONGATE FINANCIAL · HARD ⭐⭐⭐

SCENARIO

A fraud investigation team suspects an insider threat at IronGate Financial. Database audit logs and binlogs show suspicious activity between 02:00 and 04:00 last Tuesday. You must parse the logs, reconstruct the exact SQL statements executed, identify which rows were modified, recover deleted records from the binlog, and produce a forensic timeline report.

OBJECTIVES

Parse audit log for suspicious time window
Identify all DML in the 02:00-04:00 window
Use binlog to reconstruct deleted rows
Trace user session to specific account
Quantify data exfiltration scope
Recover deleted transaction records
Produce timestamped forensic timeline

HARD MODE RULES

No step-by-step guidance. Use the Reference window for command syntax only. You must determine the approach, the correct columns and order, and verify your own results.

Display Mode