Oracle Forensics Articles

David Litchfield of NGS Software has put up several excellent articles on Oracle Database Forensics. Litchfield is generally considered to be the most knowledgeable person in the field of database security, so his thoughts on database forensics carry a lot of weight.

So far four articles have been posted:
  1. Oracle Forensics Part 1: Dissecting the Redo Logs
  2. Oracle Forensics Part 2: Locating Dropped Objects
  3. Oracle Forensics Part 3: Isolating Evidence of Attacks Against the Authentication Mechanism
  4. Oracle Forensics Part 4: Live Response

I haven't read through them in detail yet, but it looks like they have a ton of awesome information about the binary format of the redo logs and recovering information that has been deleted (dropped) from the database.

