Black Hat Webcast 6: Database Forensics with David Litchfield

12/23/08 • 81 min

Database Forensics expert David Litchfield will discuss his new tool and paper with Black Hat Founder and Director Jeff Moss and take questions from our webcast audience. The tool, orablock, allows a forensic investigator to dump data from a "cold" Oracle data file - i.e. there's no need to load up the data file in the database which would cause the data file to be modified, so using orablock preserves the evidence. Orablock can also be used to locate "stale" data - i.e. data that has been deleted or updated. It can also be used to dump SCNs for data blocks which can be useful during the examination of a compromised Oracle box.

Previous Episode

Black Hat Webcast 5: Clickjacking and Browser Security

"Clickjacking" is all over the news lately. For the uninitiated, it's a set of techniques discovered by Jeremiah Grossman and Robert Hansen that allows an attacker to transparently capture a user's clicks, forcing the user to do all manner of unpleasant things ranging from adjusting security settings to unwittingly visiting websites with malicious code.

Next Episode

Black Hat Webcast 7: Mac OS X Security

Overview:
Our seventh installment of the Black Hat Webcast Series arrives next week with an in-depth and fascinating look into the world of Mac Security. As the Mac platform grows in popularity both with the general public and the enterprise, we’ve seen an increase both in attacks and reasearcher interest in the topic of OS X Security.
Black Hat Speaker Jesse D’Aguanno will be presenting on the topic of "Crafting OS X Kernel Rootkits – Fundamentals." We’ll also have a presentation by Tiller Beauchamp of IOActive will be making a presentation called "OS X Security - A year in Review". Please join me and our guests for what is sure to be a fascinat