Abstract |
The present invention relates to a digital evidence collecting method and, in particular, to a digital evidence collecting method for digital forensics which collects data that a user has arbitrarily or intentionally changed or deleted from an Oracle database which is the analysis object within a warrant range. The digital evidence collecting method comprises: detecting, from a flashback database log file, the specifications of queries that the user executed in order to delete or change data in tables after accessing the Oracle database via a master account detected in the Oracle database; and collecting the evidence data, deleted or changed by the user, that corresponds to the detected specifications of the queries. According to the present invention, the data specified in the Oracle database, arbitrarily or intentionally changed or deleted by the user, is easily and rapidly acquired within the warrant range without acquiring all the files included in the Oracle database. [Reference numerals] (200) DB steam collecting system; (AA) Oracle database A; (BB) Oracle database B; (CC) Oracle database C; (DD) Oracle database D; (EE) Oracle database E; (FF) Oracle database F; (GG) Oracle database G; (HH) Oracle database H |