...
Since Registry operates using copy-on-write (available since v0.9.2 or v0.9.4 depending on the table), user data is not deleted from the database, even when changed. It is possible to audit tables containing user-managed data to see if any exploits were attempted. For self service enrollment flow, check cm_co_petition_attributes. For self service attributes, check the appropriate tables associated with enabled self service (eg: cm_names).
References
- CO-1369