Since the state of California passed the Database Security Breach Notification Act (SB 1386) in 2003, another 34 states have passed similar legislation, with more set to follow.
In January 2007 TJX announced they had suffered a database security breach with 45.6 million credit card details stolen, the largest known breach so far.
In 2006 there were 335 publicized breaches in the U.S.; in 2005 there were 116 publicized breaches; between 1st January and March 31st of 2007, a 90-day period, there have been 85 breaches publicized.
Never have database forensics and incident response been so important. These papers should help forensic examiners and incident responders find evidence after a database intrusion has occurred.
Title: Oracle Forensics Part 6: Examining Undo Segments, Flashback and the Oracle Recycle Bin
Author: David Litchfield, NGSSoftware
Type: Whitepaper / pdf
[Mirror]
[Original]
Title: Oracle Forensics Part 5: Finding Evidence of Data Theft in the Absence of Auditing
Author: David Litchfield, NGSSoftware
Type: Whitepaper / pdf
[Mirror]
[Original]
Title: Blackhat 2007: Oracle Forensics
Author: David Litchfield, NGSSoftware
Type: Whitepaper / pdf
[Mirror]
[Original]
Title: Securing history: Privacy and accountability in database systems
Author: Gerome Miklau, Brian Levine and Patrick Stahlberg, University of Massachusetts
Type: Whitepaper / pdf
[Mirror]
[Original]
Title: Threats to Privacy in the Forensic Analysis of Database Systems
Author: Patrick Stahlberg, Gerome Miklau, and Brian Neil Levine, University of Massachusetts
Type: Whitepaper / pdf
[Mirror]
[Original]
Title: Implementing a Tamper-evident Database System
Author: Gerome Miklau and Dan Suciu, Universities of Massachusetts and Washington
Type: Whitepaper / pdf
[Mirror]
[Original]
Title: Oracle Forensics Part 3: Isolating Evidence of Attacks Against the Authentication Mechanism
Author: David Litchfield, NGSSoftware
Type: Whitepaper / pdf
[Mirror]
[Original]
Title: Oracle Forensics Part 2: Locating Dropped Objects
Author: David Litchfield, NGSSoftware
Type: Whitepaper / pdf
[Mirror]
[Original]
Title: Oracle Forensics Part 1: Dissecting the Redo Logs
Author: David Litchfield, NGSSoftware
Type: Whitepaper / pdf
[Mirror]
[Original]
Title: Oracle Forensics in a Nutshell
Author: Paul Wright, NGSSoftware
Type: Whitepaper / pdf
[Mirror]
[Original]
Title: Oracle Database Forensics using Logminer
Author: Paul Wright, NGSSoftware
Type: Whitepaper / pdf
[Mirror]
[Original]
Title: Oracle Forensics: Collecting Evidence After an Attack
Author: Aaron Newman, Appsecinc
Type: PowerPoint
[Mirror]
[Original]