David Litchfield has published a whitepaper on Oracle forensics « Alexander Kornbrust Oracle Security Blog

David Litchfield has published a whitepaper on Oracle forensics

David Litchfield has posted a new whitepaper „Using the Oracle System Change Number in Forensic Investigations„. He published also 2 tools called oratime and orablock. Oratime is converting a SCN to a timestamp.

C:\oratools>oratime 671406483

21/11/2008 21:48:03

The second tool from the whitepaper „orablock“ can extract data from a data block.

C:\cadfile>orablock

Orablock v1.0

(david@davidlitchfield.com)

-h (show help)

-f data_file (required)

-c column_template

-z block_size (default 8192)

-o object_id

-b block_number

-s seperator (default newline)

-a action

Actions are:

A DUMPALL

D SHOWDELETED

O DUMPNOTVIAOFFSETS

S SHOWDELETEDNOTVIAOFFSETS

C DUMPSCNS

This entry was posted on Donnerstag, November 27th, 2008 at 07:46 and is filed under David Litchfield, Forensics. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

You must be logged in to post a comment.

David Litchfield has published a whitepaper on Oracle forensics

Leave a Reply