Oracle Database Server (10g)
Books
- Oracle Forensics Using Quisix | Oracle Forensics will delve deep into the guts of undocumented Oracle features and show where to find the digital footprints left by an attacker. - David Litchfield, NGSS
White Papers and Articles
- Oracle Forensics Part 1: Dissecting the Redo Logs | Next Generation Security Software (NGSS) | March 2007 - David Litchfield, NGSS
- Oracle Forensics Part 2: Locating Dropped Objects | Next Generation Security Software (NGSS) | March 2007 - David Litchfield, NGSS
- Oracle Forensics Part 3: Isolating Evidence of Attacks Against the Authentication Mechanism | Next Generation Security Software (NGSS) | March 2007 - David Litchfield, NGSS
- Oracle Forensics Part 4: Live Response | Next Generation Security Software (NGSS) | April 2007 - David Litchfield, NGSS
- Oracle Forensics Part 5: Finding Evidence of Data Theft in the Absence of Auditing | Next Generation Security Software (NGSS) | August 2007 - David Litchfield, NGSS
- Oracle Forensics Part 6: Examining Undo Segments, Flashback and the Oracle Recycle Bin | Next Generation Security Software (NGSS) | August 2007 - David Litchfield, NGSS
- Oracle Forensics Part 7: Using the Oracle System Change Number in Forensic Investigations | Next Generation Security Software (NGSS) | November 2008 - David Litchfield, NGSS
Presentations
- Oracle Forensics | Black Hat USA | August 2007 - David Litchfield, NGSS
- Oracle Forensics | PeterFinnigan.com | January 2008 - Peter Finnigan, PeterFinnigan.com
Tools
- Orablock | Orablock lets a forensic investigator dump data from a "cold" Oracle data file. There is no need to load the data file into the database, which would cause the data file to be modified, so using Orablock preserves the evidence. Orablock can also be used to locate "stale" data, that is, data that has been deleted or updated. - David Litchfield, NGSS
- Oratime | Allows a forensic investigator to convert the SCN to a timestamp. - David Litchfield, NGSS








