StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Investigation Forensics - How to Find Evidence from Oracle Data Base - Research Paper Example

Cite this document
Summary
According to research findings of the paper “Investigation Forensics - How to Find Evidence from Oracle Data Base”, by analyzing all the functions of a powerful forensic tool named ‘Logminer’, data can be retrieved to an extent. Moreover, the forensic tool kit also provides efficient data recovery…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER96.3% of users find it useful
Investigation Forensics - How to Find Evidence from Oracle Data Base
Read Text Preview

Extract of sample "Investigation Forensics - How to Find Evidence from Oracle Data Base"

? Full Paper Expanded Literature Review Log miner is a recommendation for correcting errors efficiently and robustly in projects related to military medical industry. It was implemented to provide two functions i.e. mining and analyzing the redo log files that are created by the database powered by Oracle. The military medical program demonstrated the core concept of ‘Logminer’ in terms of configuration and utilizing its features within the register program (Application of LogMiner in no.1 military medical project-- Chinese medical equipment Journal 2008). The register program was the sub program of the project. Likewise, the errors occurred were efficiently detected by SQL statements via UNDO_VALUE field. After reviewing its pinpoint accuracy, Log miner was recommended for maintenance personnel programs associated with hospital information systems (Application of LogMiner in no.1 military medical project-- Chinese medical equipment Journal 2008). Moreover, one more research was conducted by (Pucciani, Domenici, Donno, & Stockinger, 2010) that was related to a performance study on the synchronization of heterogeneous Grid databases using ‘CONStanza’. The study was implementing on grid computing that links with high performance computing. The grid environment is composed of many heterogeneous database management systems. Likewise, these database management systems serve their purpose for many administrative tasks. The study illustrated the evaluation of system components for further future developments (Case_LogMiner.pdf (application/pdf object)). Moreover, one more study was conducted related to the utilization of ‘LogMiner’ to locate Archive Logs Flow. The researchers analyzed rapid disk possession without creating new jobs. Consequently, the new log archive is developed every 60 seconds along with the rapid increment in disk possession (Case_LogMiner.pdf (application/pdf object)). The conclusion of the study demonstrated that the internal processes related to the ‘STATPACK’, were the foundation of unnecessary log archives. Furthermore, the time intervals were not configured correctly for STATPACK (Case_LogMiner.pdf (application/pdf object)). Methodology In order to conduct data forensics on the database, some of the particular methods are mentioned below: Data dictionary extraction is achievable in flat files and ‘redo’ log files. However, in Oracle 9i, if an investigator is analyzing a ‘redo’ log file that is created within the same database, the online dictionary data can be utilized as a replacement for a ‘redo’ log file or a flat file. The extraction of information encapsulated in the data dictionary is possible via DBMS_LOGMNR_D package. The package provides certain features such as: Incarcerating extraction of data dictionary of flat files Incarcerating extraction of data dictionary of the redo log files Modifying the location and storage, where the tables are stored, and are utilized to incarcerate data dictionary extraction in the redo log files. However, by default, the table storage is located in ‘SYSTEM tablespace’ (TOO CLEVER FOR WORDS: ORACLE9I LOG MINER - ORACLE). Apart from the features, the package also supports procedural outcomes that are associated with ‘DBMS_LOGMNR_D’ package. The procedural outcomes are named as ‘PROCEDURE BUILD’ ‘PROCEDURE SET_TABLESPACE’ and ‘IDENTIFYING REDO LOG FILES’. In order to start a session of the Log minor, there is a requirement of redo log files, as the log miner reads the information that is present in the ‘redo’ log files. The information in the ‘redo’ log files comes from the data dictionary extraction (TOO CLEVER FOR WORDS: ORACLE9I LOG MINER - ORACLE). Moreover, the value ‘DBMS_LOGMNR.DICT_FROM_REDO_LOGS’ I configured in the options parameter. The value ‘DBMS_LOGMNR.COMMITTED_DATA_ONLY’ is configured for the automated filtration of transactions that are uncommitted in the database. The filtration separates the uncommitted transactions so that only committed transactions can be displayed (TOO CLEVER FOR WORDS: ORACLE9I LOG MINER - ORACLE). The value ‘DBMS_LOGMNR.DICT_FROM_ONLINE_CATALOG’ is configured if the redo log files are developed within the same database. In this case, the implementation of online data dictionary takes place, in order to start the translation map of data dictionary. Moreover, many additional features can only be implemented while log miner sessions are in progress. Some of the names of these processes include (TOO CLEVER FOR WORDS: ORACLE9I LOG MINER - ORACLE): V$LOGMNR_DICTIONARY V$LOGMNR_LOGS $LOGMNR_LOGFILE V$LOGMNR_PARAMETERS V$LOGMNR_SESSION V$LOGMNR_PROCESS V$LOGMNR_TRANSACTION V$LOGMNR_REGION V$LOGMNR_CALLBACK V$LOGMNR_STATS In the end, the log miner session can be ended by the DBMS_LOGMNR.END_LOGMNR procedure (TOO CLEVER FOR WORDS: ORACLE9I LOG MINER - ORACLE). Milestone One and Milestone Two Summary In milestone one the evaluation of database forensic tool named as log miner was discussed. The researchers evaluated the capability and performance of this tool, in order to analyze timelines and audit trails of databases. The testing or evaluation of this tool concluded that it could analyze Oracle generated redo files. The redo files contain information that contributes in file recovery or tracking audit trails. Therefore, following tests were conducted in order to check the integrity an accuracy of Log miner: General forensic capability: Accuracy level Find out source of inaccuracy After conducting the above-mentioned tests, all the results were successful and hence the tool was considered as an efficient product for recovering lost data from a database. Moreover, the expanded literature review and methodology concluded its usage in different industries including military and hospitals. A study was conducted on synchronizing heterogeneous grid databases by utilizing ‘CONStanza’. Furthermore, another study was demonstrated associated with ‘LogMiner’ to locate archive log flow. In this study, hard drive and storage devices were examined closely. Results In the results section, Logminer will retrieve data of interest from a database. Several steps and procedures needs to be followed in order to retrieve data. The steps are as follows (Using LogMiner to analyze redo log files): First step: The first step is to locate a logminer dictionary. However, there are many types of dictionaries, and depends on the data needs to be retrieved as demonstrated in Fig 1.1. Logminer will initialize DBMS_LOGMNR_D.BUILD. Figure 1.1 image retrieved from (DBAsupport.com : Oracle 9i central : Striking gold with LogMiner - part 1: Getting started ) Second step: The second step will identify redo log files that needs to be examined by initializing DBMS_LOGMNR.ADD_LOGFILE procedure as shown in Fig 1.2. Figure 1.2 image retrieved from (B.Oracle9i DBA JumpStart San Francisco, Calif.; SYBEX, c2003) Third Step: In the third step, log miner will start its operations by initializing DBMS_LOGMNR.START_LOGMNR procedure. Fourth Step: In this step log miner will request the redo data, which is specifically required by querying V$LOGMNR_CONTENTS view. Fifth Step: Logminer session is over by executing DBMS_LOGMNR.END_LOGMNR. Results will be shown in the results tab as shown in Fig 1.3 Figure 1.3 image retrieved from (Zorac - my oracle home: EXTRACTING INFORMATION FROM REDO LOGS WITH LOGMINER Retrieved 6/17/2011, 2011, from http://jzorac.blogspot.com/2010/04/extracting-information-from-redo-logs.html) Moreover, a forensic tool kit is also a powerful tools used for retrieving data from a database. However, this tool also requires some steps to follow. The steps are as follows (LIVE FORENSICS: FORENSIC TOOL: ENCASE OR FTK): First Step: The first step involves the collection of data from the database or any other possible location. Second Step: The second step includes preservation i.e. replication of data that was gathered in step 1. Likewise, the verification of data is conducted by ‘MD5’ and ‘SHA -1’ algorithm techniques. Third Step: This step analyzes and extracts the recovered data on the screen nu filtering and searching. Fourth Step: At the end the FTK provide options to produce a customized report of data recovery. Conclusion By analyzing all the functions of a powerful forensic tool named as ‘Logminer’, data can be retrieved to an extent. However, data files that are overwritten cannot be retrieved. ‘Logminer’ has several dictionaries that can be used along with certain commands, according to the nature of data to be retrieved. Moreover, forensic tool kit also provides efficient data recovery by encompassing several steps. Future Work In future, online labs providing testing environment will facilitate students. Moreover, these tools must also integrate these functions: Decryption tools Volatile data analysis Gaining information from operating system’s log files Retrieving passwords / cracking passwords Tracking hidden data References Application of LogMiner in no.1 military medical project-- Chinese medical equipment Journal 2008 Retrieved 6/6/2011, 2011, from http://en.cnki.com.cn/Article_en/CJFDTOTAL-YNWS200810016.htm Pucciani, G., Domenici, A., Donno, F., & Stockinger, H. (2010). A performance study on the synchronisation of heterogeneous grid databases using CONStanza Future Generation Computer Systems, 26(6), 820 834. doi:10.1016/j.future.2010.03.001 Case_LogMiner.pdf (application/pdf object) Retrieved 6/6/2011, 2011, from http://oraclepoint.com/oralife/mnt/w0807/d24/s36/b02ab542/www/oraclepoint.com/oralife/wp-content/uploads/2007/07/Case_LogMiner.pdf TOO CLEVER FOR WORDS: ORACLE9I LOG MINER - ORACLE. (n.d.). Retrieved from http://blogold.chinaunix.net/u/3787/showart_26417.htm Using LogMiner to analyze redo log files Retrieved 6/16/2011, 2011, from http://download.oracle.com/docs/cd/B19306_01/server.102/b14215/logminer.htm LIVE FORENSICS: FORENSIC TOOL: ENCASE OR FTK Retrieved 6/16/2011, 2011, from http://liveforensic.blogspot.com/2009/09/forensic-tool-encase-or-ftk.html DBAsupport.com : Oracle 9i central : Striking gold with LogMiner - part 1: Getting started Retrieved 6/17/2011, 2011, from http://www.dbasupport.com/oracle/ora9i/logminer01.shtml Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Investigation Forensics : how to find evidences from oracle data base Research Paper”, n.d.)
Retrieved from https://studentshare.org/family-consumer-science/1424666-investigation-forensics-how-to-find-evidences-from
(Investigation Forensics : How to Find Evidences from Oracle Data Base Research Paper)
https://studentshare.org/family-consumer-science/1424666-investigation-forensics-how-to-find-evidences-from.
“Investigation Forensics : How to Find Evidences from Oracle Data Base Research Paper”, n.d. https://studentshare.org/family-consumer-science/1424666-investigation-forensics-how-to-find-evidences-from.
  • Cited: 0 times

CHECK THESE SAMPLES OF Investigation Forensics - How to Find Evidence from Oracle Data Base

Investigative Report Writing. Randy Odleman Murder Investigation

We found a trail of blood from the back porch of the rooming house to the location of the dead body, 50 feet away.... … On Friday February 17, 2012 just after midnight, we received a phone call from one Bob Smith of Maiden Lane, Raleigh concerning a murder: The murder of Randy Odleman had taken place in Room H, along Maiden Lane, Raleigh.... The deceased had a criminal record from 2 years ago – for the Possession of a Controlled Substance with Intent to Manufacture, Sell, or Deliver – and another charge of Assault on a Female victim one year ago....
12 Pages (3000 words) Term Paper

Database Forensics and Auditing

After describing these terms, we will incorporate Microsoft Log miner tool for collecting forensic evidence from a database and for auditing or reviewing database current state, SQL auditing will be incorporated.... This paper ''Database Forensics and Auditing'' has focus on the definition of database forensic and database auditing, the regulation under database auditing, the meaning of data Access Auditing, and data Monitoring by analyzing some of their features....
8 Pages (2000 words) Report

The History of Computer Forensics

The base computer forensics is recovering data from floppy disks, hard drives, and removable drive cartridges.... hellip; As computer evolved out of academic to business and government, there was more data and resource at risk.... Mostly, computer forensics experts investigate data storage devices, either fixed like hard disks or removable like compact disc and solid-state devices.... s computer evolved out of academic to business and government, there was more data and resource at risk....
24 Pages (6000 words) Essay

Enquiring Into Healthcare Practice

nbsp; … The initial chapter will be the introduction where the reader will be advised of what they might expect from each one.... The three selected articles appraise the subject of stress and burnout in forensic nurses from different angles.... Clifford (1997) also goes on to state that critical analysis also helps to practice nurses think about how study findings can be used and, sometimes, actually to plan a utilization projectChapter five will look at all the research from the literature review and discuss the three articles in the context of wider literature and issues....
10 Pages (2500 words) Essay

The Use of Polygraph Testing as Evidence

The test measures physiological data from three or more systems of the human body- generally, the respiratory, cardiovascular, and sweat gland systems-but not the voice.... The validity of the polygraph testing to be used as an evidence has been questioned by many scientists who made several studies on the matter saying that it is not a reliable means of knowing if someone is telling the truth or not.... This proposal led to a legislative mandate legalizing the function of polygraph tests in Under these two conflicting issues, the question still remains, is the use of polygraph testing a sufficient evidence to pin down a suspicious character?...
9 Pages (2250 words) Essay

Invistigation Forensics : how to find evidence from an oracle data base

Since many employees, in one way or other, are connected and involved in… Thus, proper data integration and developing a contingency plan for the precise recovery of past data have become inevitable. ... Thus, proper data integration and developing a contingency plan for the precise recovery of past data have become inevitable.... Subsequently, the LogMiner's transformation, interpretation and authenticity of Time Stamp data type were focused on....
2 Pages (500 words) Research Paper

Investigation of Crytolocker: Trace Analysis With Wireshark and Windows 2003 Server

his software, therefore, does the encoding of data and therefore there is the only access to the information by the authorized people.... The image below shows the data encryption process (Richard, 2013).... ne factor that is worth noting is that they are developed so that the promiscuous persons can solicit some money from the people with the computers that have been affected by the virus.... It s software that gets into a computer system and then bars the owner of the computer from accessing the services or the system until a ransom is paid (Kevin, 2012)....
18 Pages (4500 words) Coursework

How Police, Doctors and Philosophers Help to Solve Crimes

This enables police officers to acquire much-needed skills and knowledge from the multicultural learning facilities to restrain outlaw behaviors.... The author of "how Police, Doctors, and Philosophers Help to Solve Crimes" paper states that crime impacts everyone either indirectly through economic costs or directly as a victim.... The main police divisions are traffic, nationality and passport, a criminal investigation, emergency police, civil defense, prisons, trials and court-martials, and immigration....
5 Pages (1250 words) Essay
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us