Call: +44 (0)1904 557620 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Should We Security Patch Oracle Databases?"] [Next entry: "Register for a Free Webinar with PFCLForensics for Breached Oracle Databases"]

PFCLForensics is released a tool for forensic analysis of a breached database

We have had a very busy year despite the Covid pandemic. I personally managed to catch covid last January and was very unwell for weeks with coviid and then many many weeks recovering after that. Then I managed to get problems with my kidneys that resulted in some surgery a couple of months ago. I am very well now. Despite these set backs we have written a new product to do live response and forensic analysis of a breached Oracle database and we made some major updates to one of our other products PFCLObfuscate to add new features as well as we added updates and fixes to other products as well

PFCLForensics showing a simple open project


Today we have released a new product - PFCLForensics. This is a product aimed at helping customers do three things in the event of a breach or potential breach of their Oracle database:

  • Manage the breach: with a built in check list of actions for the responder to follow. The product is project based so you can work on multiple breaches and tasks at the same time

  • Perform live response: with built in policies that allow the most transient data to be gathered first from an Oracle database or a Unix/Linux server. There are also built in policies to get less transient data from the breached systems. The product also allows files to be loaded that could be part of the breach and allow sthe user to define rules for their own file types and load additional data as necessary. The tool also takes checksums of each piece of data and validates those every time the project is loaded or on demand by the user to ensure that the raw data has not changed

  • Forensic analysis: with lots of built in tools. The user can filter and sort the input data gathered and look for issues related to the breach. Potential evidence can be added to the timeline for the attack and even comments added to each artefact. The timeline can be viewed as a drillable graph of evidence over time or a complete end to end graph of the even distinctly showing how the attack occurred. Supporting evidence can be added to a separate time line. The tool also includes a built in word processor and sample report template so that you can easily write your report and have direct access to evidence and artefacts as well as timelines. The timelines can also be sync'd to wall time easily so that all disparate evidence is correlated on the same time; each piece of evidence as it is added is also correlated with all previous evidence


This is a great tool to help follow a process if a breach occurs and also to collect and analyse and report on any breach that may have occurred. The product details start here and you can follow the links there to learn more. There is also a 2 page flyer that can be downloaded.

Our engagement licenses are the best value for 30 days and just £145 per product. Contact us to purchase a license or to ask to see a demo before buying.