More on forensics with large data sets…
First of all there is the physical requirement of actually copying large disks in a short time.
http://www.ics-iq.com/ advertise 3.9 gigabytes per second for their high speed duplication machiner.
To speed up network transfer of data using netcat pipe through tar first to make the transfer quicker.
Receiving end
# netcat -l -p [...]
Oracle Audit Vault looks like it is going to be an interesting product from an Oracle Forensics perspective from what I have read.
http://www.softwarepipeline.com/files/Oracle_Audit_Vault.pdf
The fact that 11g is audit on by default and said to be less performance degrading will make for more archived audit in the vault and the possibility to backtrack the potential previous [...]
http://www.truecrypt.org/ and http://www.gpg4win.org/ are good replacements for PGP disk and PGP email for outlook.
I found out a while ago that my intended URL domain www.orasec.com and http://orasec.blogspot.com was in fact named after a city in Macedonia.
If any one from Macedonia would like to have the URL for their city you are welcome to buy it from me at cost value as I decided to fit into a more [...]
Given a central Oracle loghost which collates audit and logs from firewall, WWW, OS, DB, IDS and which accesses these logs through SQL driven EXTERNAL TABLES, TIMESTAMP becomes an effective primary and foreign key to join the relations so that actions by an individual over a network can be correlated. Interestingly the uniqueness of each [...]
dcfldd is an improvement on dd as it shows progress through the bit copy
http://dcfldd.sourceforge.net/
It also does a checksum at the end to make sure you have a perfect copy.
Recommended for forensics work.
http://translate.google.com/translate?u=http%3A%2F%2F209.85.135.104%2Fsearch%3Fq%3Dcache%3A_Fr4aQniTH4J%3Awww.csnc.ch%2Fstatic%2Fevent%2F2006_Best_of_Oracle_Security_2006.pdf%2BOrasploit%26hl%3Den%26gl%3Duk%26ct%3Dclnk%26cd%3D3&langpair=de%7Cen&hl=en&ie=UTF8
One of the students in my class asked to see the ALTER SESSION, SQL AS DBA demo so here it is.
This code can be used to check and compare the objects in your database.
http://www.oracleforensics.com/dbstatechecker.sql
This would be useful to see the effects of a security patch installation and to check the integrity of database objects at the database level.
See my new paper at http://www.sans.org/reading_room/whitepapers/application/1736.php
The Oracle password paper I have written for my employer NGSSoftware Ltd has been translated to Japanese and also mirrored in HTML by my publisher Don Burleson’s Rampant Techpress. The English PDF URL for the paper is http://www.ngssoftware.com/research/papers/oraclepasswords.pdf and the actual OraBrute tool itself is available at
http://www.ngssoftware.com/research/papers/oraclepasswords.zip
Edit added 22/04/2010
This paper has moved to this [...]
