SQL Server Forensic Analysis [Paperback]

“What Kevvie Fowler has done here is truly amazing: He has defined, established, and documented SQL server forensic methods and techniques, exposing readers to an entirely new area of forensics along the way. This fantastic book is a much needed and incredible contribution to the incident response and forensic communities.”

—Curtis W. Rose, founder of Curtis W. Rose and Associates and coauthor of Real Digital Forensics

The Authoritative, Step-by-Step Guide to Investigating SQL Server Database Intrusions

Many forensics investigations lead to the discovery that an SQL Server database might have been breached. If investigators cannot assess and qualify the scope of an intrusion, they may be forced to report it publicly–a disclosure that is painful for companies and customers alike. There is only one way to avoid this problem: Master the specific skills needed to fully investigate SQL Server intrusions.

In SQL Server Forensic Analysis, author Kevvie Fowler shows how to collect and preserve database artifacts safely and non-disruptively; analyze them to confirm or rule out database intrusions; and retrace the actions of an intruder within a database server. A chapter-length case study reinforces Fowler’s techniques as he guides you through a real-world investigation from start to finish.

The techniques described in SQL Server Forensic Analysis can be used both to identify unauthorized data access and modifications and to gather the information needed to recover from an intrusion by restoring the pre-incident database state.

Coverage includes

• Determining whether data was actually compromised during a database intrusion and, if so, which data
• Real-world forensic techniques that can be applied on all SQL Server instances, including those with default logging
• Identifying, extracting, and analyzing database evidence from both published and unpublished areas of SQL Server
• Building a complete SQL Server incident response toolkit
• Detecting and circumventing SQL Server rootkits
• Identifying and recovering previously deleted database data using native SQL Server commands

SQL Server Forensic Analysis is the first book of its kind to focus on the unique area of SQL Server incident response and forensics. Whether you’re a digital forensics specialist, incident response team member, law enforcement officer, corporate security specialist, auditor, or database professional, you’ll find this book an indispensable resource.

Kevvie is also the founder of Ring Zero, a research and consulting company that focuses on the security and forensic analysis of Microsoft technologies. In addition to Ring Zero, Kevvie owns and maintains the applicationforensics.com Web site, which he hopes to grow into the leading source of application forensics information on the Internet.

Kevvie is a frequent presenter at leading information security conferences such as Black Hat and SecTor. He is a GIAC Gold Certified Forensic Analyst (GCFA) and Certified Information System Security Professional (CISSP), and he holds several Microsoft certifications, including MCTS, MCDBA, MCSD, and MCSE. Kevvie is also a member of the High Technology Crime Investigation Association (HTCIA).