4. SQL Server Artifacts

Today, databases store more data than ever before, and it’s not uncommon to encounter databases storing several terabytes (TB) of data. Attempting to acquire this vast amount of data in its entirety is often impractical, because it would take days or weeks to acquire fully. Even after acquisition, analyzing this data would be an onerous task. In fact, in situations involving copious amounts of data, you sometimes discover only at the conclusion of your investigation that just a small subset of the acquired data was actually relevant.

SQL Server artifacts are simply collections of related SQL Server data. In this chapter, we walk through key artifacts and discuss how they benefit an investigation. This type ...
