Two Oracle Database Forensics Tools - DDLDUMP & Data Block Examiner

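Recently, several major security incidents, such as McAfee.com, MySql.com and Sun.com being compromised through SQL injection vulnerabilities, have led people to shift the blame from SQL injection, a vulnerability thought to have been declining year over year, onto database security. With a SQL injection attack, the important thing is knowing where the problem occurred. That is why database attack forensics matters, and two good tools can help you carry out database forensics tasks: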

DDLDUMP & Data Block Examiner
DDLDUMP: A Data Definition Language or Data Description Language (DDL) is a computer language for defining data structures. DDLDUMP is a free tool to dump DDL statements from Oracle transaction logs (redo logs) in XML. It parses an Oracle redo log (transaction file) and dumps all DDL statements, such as GRANT, CREATE, ALTER, DROP, REVOKE, etc., in XML.
Tool download: http://www.v3rity.com/ddldump.php


Data Block Examiner for Oracle: It is a tool that can be used in an Oracle forensics investigation of a suspected breach.
Tool download: http://www.v3rity.com/v3ritydbe.php


Reposted from http://www.pulog.org/tools/1972/Oracle-Forensic/
