Owning database forensics
Call it the bank-robber principle: if you can't stop them getting in, catch them on the way out. Internationally renowned database security expert David Litchfield is turning his attention away from vulnerability research to build a forensics suite for compromised database systems.
"There's always going to be a new bug out there that allows someone to own (successfully attack) your system," he says. "If we make the assumption that at some point, somewhere, you're going to get owned, the next best thing we can do is attempt to find out who did it and stick them in jail."
The security researcher, who is best known for finding vulnerabilities in database software made by Microsoft and Oracle Corporation, is working on a forensics tool named FEDS - the Forensic Examiners' Database Scalpel.
At the annual AusCERT computer crime survey on the Gold Coast last week, Litchfield, who works for British-based NGS Software, told Next that tools for conducting a post-compromise analysis on databases are conspicuously absent from forensic specialists' toolkits.