8. Artifact Analysis I

As we reviewed in Chapter 4, SQL Server artifacts are collections of related SQL Server data. If you have already performed incident verification during an investigation, you will have acquired and performed limited analysis of selected SQL Server artifacts. Artifact analysis, however, involves a much more thorough analysis of collected data, which should produce results far beyond the scope of what was identified during incident verification. Artifact analysis is the final phase of the database forensics methodology and, upon completion, should provide you with an account of SQL Server activity on a victim system to support your investigation.

During the incident verification and artifact analysis phases, we ...

Get SQL Server Forensic Analysis now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.