Oracle Forensics Part 5: Finding Evidence of Data Theft in the Absence of Auditing

This paper is the 5th in a series of papers by David Litchfield exploring the topic of Oracle Forensics, in this installment David will be discussing forensic analysis of a compromised database server.

When investigating other areas of computer forensics it is often obvious that a crime has been committed however with database intrusion this may be harder to detect. When information has been taken from a database only a copy is taken and the original remains and therefore it is not immediately clear that a theft has taken place.

This paper will show how an incident responder can determine if such a breach of an Oracle database server has occurred if it is suspected that a breach has occurred but there is no audit trail.

Download whitepaper

Call us before you need us.

Our experts will help you.

Get in touch
%d bloggers like this: