SQL Server Forensic Analysis

B. SQL Server Incident Response Scripts

This appendix details the syntax of the SQL Server incident response (IR) scripts referenced throughout this book.

SSFA_DataCache.sql

---- Source: SQL Server Forensic Analysis-- Author: Kevvie Fowler-- Script: SSFA_DataCache.sql - Gathers SQL Server 2005 and 2008 data cache entries------ Verify if server is running SQL Server 2000; if so, gather data; otherwise, jump tonext version checkIF CONVERT(char(20), SERVERPROPERTY('productversion')) LIKE '8.00%'BEGIN---- Gather data cache entriesPRINT 'Sorry, this script does not support SQL Server 2000'---- Log and exit scriptGOTO LOG_EXITEND--ELSE---- Verify if server is running SQL Server 2005 or 2008IF ((CONVERT(char(20), SERVERPROPERTY('productversion')) LIKE '9.00%') OR ...

Get SQL Server Forensic Analysis now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

SQL Server Forensic Analysis by

B. SQL Server Incident Response Scripts

SSFA_DataCache.sql

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly