- Alexander Kornbrust Oracle Security Blog - http://blog.red-database-security.com -
David Litchfield has published a whitepaper on Oracle forensics
Posted by Alexander Kornbrust on 27 Nov 2008 @ 07:46 in Forensics, David Litchfield | No comments
David Litchfield has posted a new whitepaper, “[1] Using the Oracle System Change Number in Forensic Investigations”. He also published two [2] tools called oratime and orablock. Oratime converts an SCN to a timestamp.
C:\oratools>oratime 671406483
21/11/2008 21:48:03
The second tool from the whitepaper, “orablock”, can extract data from a data block.
C:\cadfile>orablock
Orablock v1.0
(c) David Litchfield
(david@davidlitchfield.com)
-h (show help)
-f data_file (required)
-c column_template
-z block_size (default 8192)
-o object_id
-b block_number
-s seperator (default newline)
-a action
Actions are:
A DUMPALL
D SHOWDELETED
O DUMPNOTVIAOFFSETS
S SHOWDELETEDNOTVIAOFFSETS
C DUMPSCNS
This article was printed from Alexander Kornbrust Oracle Security Blog: http://blog.red-database-security.com
URL of this article: http://blog.red-database-security.com/2008/11/27/david-litchfield-has-published-a-whitepaper-on-oracle-forensics/
URLs in this post:
[1] Using the Oracle System Change Number in Forensic Investigations: http://www.databasesecurity.com/dbsec/oracle-forensics-scns.pdf
[2] tools: http://www.databasesecurity.com/cadfile.zip