Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Oracle BI Suite and Row Level Security"] [Next entry: "15 free SQL Injection scanners"]

Oracle forensics part 4 - live response

David sent me an email today to let me know that he has released part 4 in his Oracle forensics series. The paper is titled - (broken link) Oracle Forensics Part 4: Live Response. This is a good paper taking you through the steps of live response in an Oracle database. This is really about how to read the structure/state/config of the database and also to gather evidence of what the database was doing when the incident occured without affecting the state of the database all with the purpose of being able to assure the state of the data for potential use in court.

There are useful lists of what to gather, system related, files, and then database queries including previously executed SQL queries. Also how to get logons, users, privileges, objects including checksumming of objects.

The most interesting sentence is that David announces that a commercial unwrapper is available for sale.