Table of Contents
Items found: 93

About the Author
Acknowledgments
Introduction

Chapter 1: Data Breach
  Types of Attack
  An Unskilled Breach
  A Skilled Breach
  What Is an Incident?
  What Is Incident Response?
  What Is Forensic Analysis?
  Chain of Custody
  What Is Oracle Database Forensics?
  How Does Oracle Function and Store Data?
  Oracle 12c Multitenant

Chapter 2: Artifacts
  Heisenberg's Uncertainty Principle of Oracle
  Audit Trail or No Audit Trail?
  The Problem of Detecting READ
  Identity and Accountability
  Time
  Database Artifacts
  Tables or Views with SQL
  Tables or Views with Bind Data
  Tables or Views with Timestamps
  Privilege Changes
  Changes to Security
  Object Changes
  Redo Based
  ID Based Searches
  Applications Data
  Internals
  Flashback and Recycle
  Database Audit
  Database Dumps
  Rounding Up
  Non-Database Artifacts
  Webserver Logs
  Application Logs
  Operating System Audit
  TNS Listener Logs
  SQL*Net Trace
  SYSDBA Audit Trace Files and Logs
  Database Trace
  Database Datafiles
  Rounding Up
  Correlation
  Deleted Data
  Tuning Tools
  Rootkits

Chapter 3: Incident Response Approach
  Planning
  Create an Incident Response Approach
  Incident Coordinator
  Create an Incident Response Team
  Create an Incident Response Process
  Create and Collate a Toolkit

Chapter 4: Reacting to an Incident
  A Sample Attack
  What Not To Do
  Incident Verification and Identification
  Collecting Artifacts
  Disconnecting the System or Shutting Down
  Connecting to the System
  Live Response and Artifact Collection
  Views, Base Tables, RAC, and Synonyms?
  Spreadsheets
  Server and Database State
  Get Server Details
  Web Server logs
  Collect Oracle Logs Files from the Server
  Get Last SQL
  Volatile Artifacts
  Database Artifacts
  Checksums

Chapter 5: Forensic Analysis
  Pre-Analysis
  Example Analysis
  Post-Analysis
  How Did He Get In?
  What Rights Did He Have?
  What Did He See?
  What Did He Change?
  What Could He Have Done?
  Findings
  Report and Summary
  Restore and Rebuild

Chapter 6: What To Do Next?
  Planning
  Thinking About Database Security
  Enabling Sophisticated Audit Trails
  Conclusions
  Further Reading

Index