SQL Server Forensics 2.0

Many forensics investigations lead to the discovery that a SQL Server database might have been breached. If investigators cannot assess and qualify the scope of an intrusion, they may be forced to report it publicly – a disclosure that is painful for companies and customers alike. There is only one way to avoid this problem: Learn the skills needed to qualify and investigate SQL Server intrusions. This session will provide you an overview of how to collect and preserve artifacts from the published and unpublished repositories of Microsoft SQL Server and how these artifacts can be analyzed to confirm or discount a database intrusion. We’ll also review techniques that can be used to qualify the actions that were performed by an unauthorized database user.