History of Oracle Forensics
The first paper on Oracle forensics was published by the author for the GIAC GCFA qualification at this URL:
http://www.giac.org/paper/gcfa/159/oracle-database-forensics-logminer/105140
To save you having to read it all, I can say that it identified LogMiner as a useful way to read back through previously executed SQL statements. It noted that the SQL reconstructed by LogMiner is functionally equivalent to what was run but not necessarily the exact text the user typed, and that the tool does not preserve the precision of timestamps. In other words, LogMiner was the best tool available at the time, but it was not forensically accurate, because it was never designed for forensic analysis.
Later, after writing my first book, Oracle Forensics (Rampant Techpress, 2007), I summarized Oracle forensics in a widely read "In a Nutshell" paper, which was hosted on David Litchfield's web site and is archived here: https://web.archive.org/web/20071008085533/http://www.databasesecurity.com/dbsec/OracleForensicsInANutshell.pdf
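The LogMiner workflow those two papers describe, and the two caveats just mentioned (reconstructed rather than original SQL, and second-resolution timestamps), are shown in the following added example. It is not code from either paper or from the book; the redo log paths, the HR.EMPLOYEES table, and the forensic_logmnr_copy table name are assumptions, and the "before and after" statement pair is constructed for illustration, not captured output.

```sql
-- Added example: reading back executed SQL from the redo logs with LogMiner
-- on a single-instance Oracle database. Run as SYSDBA or as a user with
-- EXECUTE on DBMS_LOGMNR and SELECT on the V$ views. All file paths and
-- schema/table names below are hypothetical.

-- 1. Minimal supplemental logging must already have been on when the activity
--    of interest happened, or row-level changes cannot be reconstructed fully.
SELECT supplemental_log_data_min FROM v$database;
-- Enable it for redo written from now on (it does not help retroactively):
ALTER DATABASE ADD SUPPLEMENTAL LOG DATA;

-- 2. Identify the online redo logs (or archived logs) that cover the window.
SELECT l.group#, l.sequence#, l.status, l.first_time, f.member
FROM   v$log l JOIN v$logfile f ON l.group# = f.group#
ORDER  BY l.sequence#;

-- 3. Register the logs: the first call uses NEW, later calls use ADDFILE.
BEGIN
  DBMS_LOGMNR.ADD_LOGFILE(
    LogFileName => '/u01/app/oracle/oradata/ORCL/redo01.log',  -- hypothetical path
    Options     => DBMS_LOGMNR.NEW);
  DBMS_LOGMNR.ADD_LOGFILE(
    LogFileName => '/u01/app/oracle/oradata/ORCL/redo02.log',  -- hypothetical path
    Options     => DBMS_LOGMNR.ADDFILE);
END;
/

-- 4. Start mining with the online catalog as dictionary so object numbers
--    resolve to names; COMMITTED_DATA_ONLY drops rolled-back transactions.
BEGIN
  DBMS_LOGMNR.START_LOGMNR(
    Options => DBMS_LOGMNR.DICT_FROM_ONLINE_CATALOG
             + DBMS_LOGMNR.COMMITTED_DATA_ONLY);
END;
/

-- 5. Read the reconstructed statements. What is and is not preserved:
--    - SQL_REDO is regenerated from the change vectors, one statement per
--      changed row and qualified by ROWID. It is functionally equivalent to
--      the original DML but is not the text the user typed.
--    - TIMESTAMP is a DATE, so it has one-second resolution. SCN is the exact
--      ordering key; sequence events by SCN, not by TIMESTAMP.
SELECT scn,
       timestamp,
       username,
       session# AS sid,
       serial#,
       operation,
       seg_owner || '.' || table_name AS object_name,
       sql_redo,
       sql_undo
FROM   v$logmnr_contents
WHERE  seg_owner = 'HR'                          -- hypothetical schema of interest
AND    operation IN ('INSERT', 'UPDATE', 'DELETE')
ORDER  BY scn;

-- Constructed illustration of the mismatch. A statement originally run as
--   UPDATE employees SET salary = salary * 1.1 WHERE employee_id = 100;
-- comes back in SQL_REDO as something of the form
--   update "HR"."EMPLOYEES" set "SALARY" = '9900' where "SALARY" = '9000'
--     and ROWID = '<rowid>';
-- The arithmetic and the predicate the user wrote are gone; only the
-- before and after column values survive.

-- 6. V$LOGMNR_CONTENTS is only populated while the session is active, so
--    copy the evidence out before ending the session.
CREATE TABLE forensic_logmnr_copy AS SELECT * FROM v$logmnr_contents;

BEGIN
  DBMS_LOGMNR.END_LOGMNR;
END;
/
```

Two practical notes: the copy in step 6 should be taken to a separate tablespace or exported immediately, since writing it into the database under investigation generates redo of its own; and if supplemental logging was off at the time of the incident, the SQL_UNDO and the WHERE clause of SQL_REDO may be incomplete, which is a second reason the output should be treated as a reconstruction rather than a verbatim record.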
Laws Pertaining to Database Forensics and Computer Security
Most incidents do not make it to court. Because the techniques for deducing past actions are also useful for general troubleshooting, the second, technical section will be the main focus. First, let's summarize the laws that are relevant to database forensics, since they are useful for justifying security work. It is handy to be able to refer back to them when dealing with an incident, but there is no need to memorize them; they are here for reference.
Computer Fraud and Abuse Act, 18 U.S.C. §1030 - Network and computer crimes in general.
Wiretap Act, 18 U.S.C. §2511 - Interception of communications (wiretapping and snooping), including use by authorities.
Stored Communications Act, 18 U.S.C. §2701 - Privacy of stored electronic communications; Title II of the Electronic Communications Privacy Act, which also contains the Wiretap Act.
Sarbanes-Oxley Act, Section 404 - Internal controls over financial reporting, intended to limit the chance of fraud.
HIPAA - Privacy and security of health and medical records.
Fair Credit Reporting Act (FCRA) - Limits the use and distribution of personal data and allows consumers to access the information held about them, though it primarily applies to information used to make credit eligibility determinations.
Gramm-Leach-Bliley Act (GLBA) - Requires financial institutions to disclose their privacy policies to customers and sets financial standards in general. Those policies must restrict the passing of non-public personal information to third parties and require that information to be safeguarded.
Financial Anti-Terrorism Act of 2001 (H.R. 3004) - Incorporated into the USA PATRIOT Act.
Basel II and III - Tie the risk assessed for a bank to the amount of capital that must be set aside to cover that risk. Basel III is the 2010 update issued in response to the financial crisis.
SB1386, the California data breach notification law - Holders of personal information must notify those affected if there is a breach. Similar laws have since spread to other states and to the EU.
New York data breach law - The New York counterpart of SB1386; many other states have their own.
Data Accountability and Trust Act of 2009 - A proposal to replace the patchwork of state data-breach laws with a single federal law: http://thomas.loc.gov/cgi-bin/query/z?c109:H.R.4127
PCI DSS v3 (payment cards) - Security standard that requires installation of patches, encryption of stored card data, and appropriate security monitoring.
Data Protection Act 1998 (U.K.) - Defines the responsibilities of organizations holding customer data. Not thoroughly enforced in the private sector at the time of writing, but it does outline best practices.