A forensic investigator is examining an attack on a MySQL database. The investigator has been given access to a server, but the physical MySQL data files are encrypted, and the database is currently inaccessible. The attacker seems to have tampered with the data. Which MySQL utility program would most likely assist the investigator in determining the changes that occurred during the attack?
Mysqlbinlog is the most appropriate utility program for the forensic investigator to use in this scenario. This is because the Mysqlbinlog utility reads the binary log files directly and displays them in text format. Binary log files record all changes made to the database, such as insertions, updates, and deletions. By examining these logs, the investigator can determine the changes that occurred during the attack, even if the physical MySQL data files are encrypted.
Reads the binary log files directly and displays them in the text format. Displays the content of bin logs (mysql-bin.nnnnnn) in the text format.