Database Forensics expert David Litchfield will discuss his new tool and paper with Black Hat Founder and Director Jeff Moss and take questions from our webcast audience. The tool, orablock, allows a forensic investigator to dump data from a "cold" Oracle data file - i.e. there's no need to load up the data file in the database which would cause the data file to be modified, so using orablock preserves the evidence. Orablock can also be used to locate "stale" data - i.e. data that has been deleted or updated. It can also be used to dump SCNs for data blocks which can be useful during the examination of a compromised Oracle box.
Podden och tillhörande omslagsbild på den här sidan tillhör Black Hat Briefings. Innehållet i podden är skapat av Black Hat Briefings och inte av, eller tillsammans med, Poddtoppen.
