> Keep in mind that this is in the context of quite large databases so
> keeping numerous compressed copies of the GBK's around isn't even
> feasible...

Didn't your soulution involve having a 'pre-restored' version
ready for disaster? That will consume some disk space. Unless,
something very efficient and fancy could be implemented in the
engine, I'd use replication here. You could replicate your
database periodically (a save point), turn it off and wait for
your disaster to occur. :) Disk space it cheap. For a large
system I hope the cost of the right hardware for the solution
wouldn't be a barrier.

> Human error as in hacker gets access to the database and performs a bunch of
> updates, inserts, whatever to accomplish some malicious task. Thus, it
> definitely is the DBA's job to sort out the mess and restore the data back
> to the pre-attack state.

SQL and operating system security should protect against a hacker like
this. If you don't trust an operating systems security perhaps a
different OS should be considered. If IB security can be enhanced
in an elegant way thus, not to bloat it, not slow it down with logging
and save points and at all costs not turn itself into an OS level
security replacement I am for it. The chosen OS needs provide security.

> If the hacker did their thing at 10:00 AM

A hacker should not be able to do their thing - ever. If they can,
perhaps the network admin should be taken out back for a
talking to.