While the previous sections discussed proactive security measures, such as the granting of permissions and role-based security, there is also a time and a place for retroactive security measures. In the growing field of computer forensics, data collected during an attack becomes invaluable in determining the chain of events involved and learning the extent of the attack. In Oracle, the primary forensic tool available to us is auditing. Auditing is the act of recording a historical chain of events for various operations that take place in the database. Auditing plays an important part in satisfying one of the key principles of computer security. It states that every action that occurs should be traceable to one and only one ...