“What Kevvie Fowler has done here is truly amazing: He has defined, established, and documented SQL server forensic methods and techniques, exposing readers to an entirely new area of forensics along the way. This fantastic book is a much needed and incredible contribution to the incident response and forensic communities.”
—Curtis W. Rose, founder of Curtis W. Rose and Associates and coauthor of Real Digital Forensics
The Authoritative, Step-by-Step Guide to Investigating SQL Server Database Intrusions
Many forensics investigations lead to the discovery that an SQL Server database might have been breached. If investigators cannot assess and qualify the scope of an intrusion, they may be forced to report it publicly–a disclosure that is painful for companies and customers alike. There is only one way to avoid this problem: Master the specific skills needed to fully investigate SQL Server intrusions.
In SQL Server Forensic Analysis, author Kevvie Fowler shows how to collect and preserve database artifacts safely and non-disruptively; analyze them to confirm or rule out database intrusions; and retrace the actions of an intruder within a database server. A chapter-length case study reinforces Fowler’s techniques as he guides you through a real-world investigation from start to finish.
The techniques described in SQL Server Forensic Analysis can be used both to identify unauthorized data access and modifications and to gather the information needed to recover from an intrusion by restoring the pre-incident database state.
Determining whether data was actually compromised during a database intrusion and, if so, which data
Real-world forensic techniques that can be applied on all SQL Server instances, including those with default logging
Identifying, extracting, and analyzing database evidence from both published and unpublished areas of SQL Server
Building a complete SQL Server incident response toolkit
Detecting and circumventing SQL Server rootkits
Identifying and recovering previously deleted database data using native SQL Server commands
SQL Server Forensic Analysis is the first book of its kind to focus on the unique area of SQL Server incident response and forensics. Whether you’re a digital forensics specialist, incident response team member, law enforcement officer, corporate security specialist, auditor, or database professional, you’ll find this book an indispensable resource.