A method and tool to recover data deleted from a MongoDB

Jongseong Yoon, Sangjin Lee

    Research output: Contribution to journalArticlepeer-review

    14 Citations (Scopus)


    DBMS stores an important data, which is one of the important analytical subjects for analysis in digital forensics. The technique of recovering deleted data from the DBMS plays an important role in finding the evidence in forensic investigation cases. Although relational DBMS is used as important data storage until now, NoSQL DBMSs is used more often due to the growing pursue of Big Data. This increases the potential to analyze a NoSQL DMBS in forensic cases. In reality, data from approximately 26,000 servers has been deleted by a massive ransom attack on vulnerable MongoDB server. Therefore, investigation of internal structure analysis and deleted data recovery techniques of NoSQL DBMS is essential.In this paper, we research the recovery method on deleted data in MongoDB that is widely used. We have analyzed the internal structures of the WiredTiger and MMAPv1 storage engines, which are the MongoDB's disk-based storage engines. Moreover, we have implemented the recovery algorithm as a tool as well as have evaluated its performance on real and self-generated experiment data.

    Original languageEnglish
    JournalDigital Investigation
    Publication statusAccepted/In press - 2017 Jan 1


    • Database forensics
    • MongoDB
    • NoSQL database forensics
    • Recovery of deleted data from database

    ASJC Scopus subject areas

    • Computer Science Applications
    • Medical Laboratory Technology
    • Law


    Dive into the research topics of 'A method and tool to recover data deleted from a MongoDB'. Together they form a unique fingerprint.

    Cite this