SQL Forensics

Anatomy of database forensics investigation

Databases are critical assets and hold more sensitive information than previously. Database Forensics is the application of computer investigation and analysis techniques to gather database evidence suitable for presentation i n a court of law.This can help

Determine the scope of database intrusion
Prove whether there was a security breach
Retrace a users steps both Data Manipulation Language (DML) and Data Definition Language (DDL) operations
Recover deleted rows

The stages of this methodology are
Step 1 Determine the scope of evidence to be collected
Step 2 Evidence Collection
The key types of details to collect are

Transaction logs
SQL Server error logs
System event logs
Trace files
Collect transient data such as logins, active requests, active users, buffer, sessions and connections

Step 3 Evidence Analysis

A book SQL Server Forensic Analysis by Kevvie Fowler sets out the the Authoritative, Step-by-Step Guide to Investigating SQL Server Database Intrusions

	Facebook Connect with friends
	Flickr Photo sharing
	RSS News
	YouTube Share your videos
	Goggle maps Journey planning
	Twitter Stay connected

SQLToolkit

Tools

Paradigms

SQL Forensics

Site Search

Social Networking

Facebook

Flickr

RSS

YouTube

Goggle maps

Twitter

Chronology

News