Is it possible to recover data once it has been purged from the database?

Article ID: 160746

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

Once an incident has been marked for deletion and subsequently purged from the database, is there any way to recover it? Would anyone be able to get to the purged information?

Resolution

Relevant versions:  ALL

Keep in mind that the most critical information (the cracked content, message body, and attachments) is encrypted in the database. The link between the encryption key and the record is managed by Symantec's DLP application. As a result, even a “rogue” DBA who goes into Oracle directly, without using Symantec's DLP application, will get access only to encrypted content and will not have the keys needed to decrypt it.

Deletion of incidents in Oracle is essentially a two-step process.

  1. When you delete incidents in the UI, they are “marked for deletion”. They are no longer accessible via the application.
  2. A batch process then actually deletes all incidents that are “marked for deletion” from the database. The frequency is configurable, but the default is as follows:
     • V8 and up: the process runs at the first occurrence of midnight after the Manager is started, and then every 24 hours.
     • Below V8: the process runs every 24 hours after the Manager service is restarted. For example, if you restart the Manager service at 9am, it will run at 9am the next day, and at approximately 9am the following morning.