Final year project

by Pooja Dalvi on 7 March 2013

Transcript of Final year project

Database Forensics in Oracle

Existing Systems

Attack on the database:
The attack we are going to consider in our project is Privilege Escalation. Privilege escalation attacks consist of exploiting a bug or design flaw in a software application to gain access to resources which are normally protected from an application or user.
The method used for database forensics for our attack on the bank database in Oracle will be audit logs. The Oracle database server provides a fairly robust set of auditing capabilities.

Proposed System

Scope

Geetika Chauhan 100911
Pooja Dalvi 100912
Anusha Rampally 100945

Design

In the current scenario many companies and banks use the Oracle database as it is user friendly and provides easy data querying.
Electronic data is being stolen in record amounts, and criminals are constantly devising sophisticated tools to breach your Oracle firewall.
In our project we will be making an application for banks which detects attacks on vulnerabilities of the Oracle architecture.

Outline

Online banking has become popular due to convenience of use for both banks and customers.
Customers tend to believe that Internet banking is quite safe.
In reality, this sense of security might be false.

The possible attacks on a bank database can be as follows-

In our project we will be attacking the database and tracing back the attacker using the audit logs in Oracle. However, we are not focussing on preventing the attack; instead we are focussing on the attacked system and hence on detecting tampering of data by tracing back the IP address.

E-R Diagram

Flowcharts

How will the Attack occur?

Database forensics

Hardware Requirement
Oracle PC Minimum Hardware Requirements:

Physical memory (RAM) : 512 MB recommended
Temp disk space : Hard disk space 1.5 GB

Oracle Database management system is required to be installed.

PHP is used for creating forms.

Hardware and Software Requirements

Conclusion

Introduction
Existing Systems
Proposed System
Scope
Design
-ER-diagram
-Flowchart
Hardware and Software Requirements
Conclusion

Literature survey was successfully done, which consisted of analyzing the technical papers and studying the existing systems.
Based on that, the scope of the project was defined. The flowchart and the ER diagram gave a better understanding of the design of the modules.
A complete report was made.

Oracle’s first form of auditing is a subsystem which can be used to record failed and successful attempts on the server. Recording connection attempts is useful in being able to discover:
- Who is attempting to connect to the database?
- When an attack has occurred?
- Whether the attack was successful or not?

Thank You!

DB Audit trail SYS.AUD$

What is Forensics?

Introduction

Forensics is a science dedicated to the methodical gathering and analysis of evidence to establish facts.

Though crime scenes and labs are perhaps most often associated with forensics, computer or network forensics, forensic accounting, database forensics, forensic engineering and forensic psychiatry are among other specialized fields.

What is Computer Forensics?

Computer forensics is a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media.
The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information.
Although it is most often associated with the investigation of a wide variety of computer crime, computer forensics may also be used in civil proceedings.

What is Database Forensics?

Database Forensics is a branch of digital forensic science relating to the forensic study of databases and their related metadata.
A forensic examination of a database may relate to the timestamps that apply to the update time of a row in a relational table being inspected and tested for validity in order to verify the actions of a database user.
Alternatively, a forensic examination may focus on identifying transactions within a database system or application that indicate evidence of wrongdoing, such as fraud.

Block Diagram

Levels of Audit options
- Statement
- Object
- Privilege

- Brute force attack
- Distributed attack
- Exploiting Pin calculators
- Privilege Escalation

Our project consists of the following phases-

AUD$ records IP when session auditing is enabled

- Different users will have different views of the database in the front end.
- An intruder attacks the database and tampers with it.
- After an intruder has tried tampering with the data, provide a trace back to the intruder's IP address using the audit logs created.
- Make a database framework, which will be for a Banking enterprise.
- A private network will be set up for this application.

Group-9

References

1. The Database Hacker's Handbook: Defending Database Servers
by David Litchfield et al.
John Wiley & Sons © 2005

2. The Oracle Hacker's Handbook: Hacking and Defending Oracle
by David Litchfield
John Wiley & Sons 2007

3. A Forensic Investigation of PL/SQL Injection Attacks in Oracle
by David Litchfield
published in Black Hat conference, 1st July 2010
http://www.v3rity.com/OracleForensicsInvestigatingPLSQLInjection.pdf

4. Guidelines for Auditing and Logging
Department of Information Technology, Ministry of Communications and Information Technology, Government of India
Version 2, 31st December 2008
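
Added example (not part of the original presentation): the trace-back phase described above, run over rows exported from the audit trail. It answers the who / when / success questions for each logon and attaches the logon IP to later audited actions in the same session. The keys are DBA_AUDIT_TRAIL column names; the COMMENT_TEXT layout, the helper names and every row value are assumptions constructed for illustration.

```python
import re

# COMMENT_TEXT layout assumed for network logons in DBA_AUDIT_TRAIL.
ADDR = "Authenticated by: DATABASE; Client address: (ADDRESS=(PROTOCOL=tcp)(HOST={})(PORT=49211))"

def row(sid, user, action, rc, ts, comment="", obj=""):
    # Keys are DBA_AUDIT_TRAIL column names (the view over SYS.AUD$).
    return {"SESSIONID": sid, "USERNAME": user, "ACTION_NAME": action,
            "RETURNCODE": rc, "TIMESTAMP": ts, "COMMENT_TEXT": comment,
            "OBJ_NAME": obj}

# Constructed sample rows; every value is invented for illustration.
ROWS = [
    row(4101, "TELLER1", "LOGON", 1017, "2013-03-01 02:10:05", ADDR.format("192.0.2.44")),  # ORA-01017
    row(4102, "TELLER1", "LOGON", 0, "2013-03-01 02:10:40", ADDR.format("192.0.2.44")),
    row(4102, "TELLER1", "GRANT ROLE", 0, "2013-03-01 02:12:13"),
    row(4102, "TELLER1", "UPDATE", 0, "2013-03-01 02:13:30", obj="ACCOUNTS"),
    row(4200, "MANAGER", "LOGON", 0, "2013-03-01 09:00:02", ADDR.format("198.51.100.7")),
    row(4200, "MANAGER", "UPDATE", 0, "2013-03-01 09:05:00", obj="ACCOUNTS"),
    row(4300, "CLERK2", "SYSTEM GRANT", 0, "2013-03-01 11:30:00"),  # no LOGON row
]

HOST_RE = re.compile(r"\(HOST=([^)]+)\)")
def client_ip(comment_text):
    """Return the client host from a logon COMMENT_TEXT, or None if absent."""
    m = HOST_RE.search(comment_text or "")
    return m.group(1) if m else None

def connection_attempts(rows):
    """Who tried to connect, when, from where, and whether it succeeded."""
    return [(r["TIMESTAMP"], r["USERNAME"], client_ip(r["COMMENT_TEXT"]),
             r["RETURNCODE"] == 0)
            for r in rows if r["ACTION_NAME"] == "LOGON"]

def trace_back(rows, actions=("GRANT ROLE", "SYSTEM GRANT", "UPDATE")):
    """Attach the logon IP of the issuing session to each audited action."""
    ip_by_session = {r["SESSIONID"]: client_ip(r["COMMENT_TEXT"])
                     for r in rows
                     if r["ACTION_NAME"] == "LOGON" and r["RETURNCODE"] == 0}
    # Sessions with no LOGON record (session auditing off, or trail purged)
    # map to None so the gap is visible instead of silently dropped.
    return [(r["TIMESTAMP"], r["USERNAME"], r["ACTION_NAME"], r["OBJ_NAME"],
             ip_by_session.get(r["SESSIONID"]))
            for r in rows if r["ACTION_NAME"] in actions]

if __name__ == "__main__":
    for rec in connection_attempts(ROWS) + trace_back(ROWS):
        print(rec)
```

An action whose IP comes back as None had no logon record in the trail, which is the case when session auditing was not enabled for that connection.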