PFCLForensics - Live Response and Forensics

PFCLForensics 2024 is a simple to use but comprehensive tool to use to assist any organisation that has potentially been breached. The tool supports three major operations:

A team can use its checklist feature to manage the incident resonse process from start to finish
Database incident response team can perform live analysis of transient artefacts and also more static data
An analyst can use the product to process and investigate the evidence that has been gathered

A breach can be mangaged in terms of working through the steps needed to respond to and analyse a potential breach; PFCLForensics helps with this. The steps can be checked off as they are reached and completed. PFCLForensics can be used to provide live response on a database and also the operating system in respect to the database server. We also support loading of files that have been gathered from other sources such as apache error logs and access logs.

Here is a picture of PFCLForensics showing the main interface after the start of analysing a potentially breached database:

PFCLForensics showing a simple open project

The product also supports projects so that each analysys is self contained. Each set of data gathered during the live response has a checksum created at extraction time from the database or server if done in the tool or at the time of loading the file into PFCLForensics. These checksums are verified every time the project is loaded and the user can request a validation at any time in the interface.

Once the data is extracted during live response the analyst can use the interface to browse and investigate the evidence and locate artefacts that can prove or disprove whether a breach has taken place. This forensic analysis allows the user to create a timeline of evidence and even add comments or notes to the evidence extracted. The tool also provides a fully functional word processor and a template report as well as the ability to screen shot or extract data from the data grids or timelibe graph or supporting evidence graph.

PFCLForensics has a very attractive and cost effective licensing scheme based on the installation of PFCLForensics on a PC and once licensed and installed you are able to investigate any number of databases during your license period. Here is a screen shot of details of some potential evidence that shows SQL Injection:

PFCLForensic - evidence of SQL Injection

PFCLForensics is suitable for security consultants both internal and external to forensic analysis and live response of your Oracle databases or your customers but it is also suitable for internal use to test and practice your response to a breach.

Download PFCLForensics brochure

Click on the image below to download a PDF version of this brochure.

Request a Demo

If you would like to receive further details of this exciting product or request a demo then please email info@petefinnigan.com

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit ( http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).