SEARCH
Disclaimer: Authors have full rights over their works. Reproduction of any part of the content is prohibited without prior authorization.
BOOK ORACLE INCIDENT RESPONSE AND FORENSICS
SUMMARY
-
Items Found: 93
- Chapter 1: Data Breach 1
- Types of Attack 2
- An Unskilled Breach 7
- A Skilled Breach 7
- What Is an Incident? 8
- What Is Incident Response? 9
- What Is Forensic Analysis? 10
- Chain of Custody 10
- What Is Oracle Database Forensics? 19
- How Does Oracle Function and Store Data? 20
- Oracle 12c Multitenant 24
- Chapter 2: Artifacts 27
- Heisenberg’s Uncertainty Principle of Oracle 28
- Audit Trail or No Audit Trail? 29
- The Problem of Detecting READ 30
- Identity and Accountability 31
- Time 32
- About the Author vii
- Acknowledgments ix
- Introduction xi
- Database Artifacts 34
- Tables or Views with SQL 34
- Tables or Views with Bind Data 41
- Tables or Views with Timestamps 42
- Privilege Changes 44
- Changes to Security 45
- Object Changes 46
- Redo Based 48
- ID Based Searches 49
- Applications Data 51
- Internals 52
- Flashback and Recycle 55
- Database Audit 56
- Database Dumps 58
- Rounding Up 60
- Non-Database Artifacts 60
- Webserver Logs 60
- Application Logs 63
- Operating System Audit 63
- TNS Listener Logs 64
- SQL*Net Trace 66
- SYSDBA Audit Trace Files and Logs 66
- Database Trace 69
- Database Datafiles 71
- Rounding Up 73
- Correlation 73
- Deleted Data 75
- Tuning Tools 84
- Rootkits 87
- Chapter 3: Incident Response Approach 93
- Planning 94
- Create an Incident Response Approach 95
- Incident Coordinator 96
- Create an Incident Response Team 98
- Create an Incident Response Process 101
- Create and Collate a Toolkit 113
- Chapter 4: Reacting to an Incident 119
- A Sample Attack 120
- What Not To Do 121
- Incident Verification and Identification 122
- Collecting Artifacts 127
- Disconnecting the System or Shutting Down 128
- Connecting to the System 128
- Live Response and Artifact Collection 131
- Views, Base Tables, RAC, and Synonyms? 132
- Spreadsheets 137
- Server and Database State 137
- Get Server Details 137
- Web Server logs 141
- Collect Oracle Logs Files from the Server 141
- Get Last SQL 145
- Volatile Artifacts 146
- Database Artifacts 147
- Checksums 153
- Chapter 5: Forensic Analysis 155
- Pre-Analysis 156
- Example Analysis 156
- Post-Analysis 172
- How Did He Get In? 172
- What Rights Did He Have? 172
- What Did He See? 172
- What Did He Change? 173
- What Could He Have Done? 173
- Findings 173
- Report and Summary 174
- Restore and Rebuild 174
- Chapter 6: What To Do Next? 177
- Planning 177
- Thinking About Database Security 181
- Enabling Sophisticated Audit Trails 187
- Conclusions 192
- Further Reading 194
- Index 197
