Index

A

Abnormal statement execution, 163–164

ACID model, 11–12

Active connections, collection of, 115, 160

Active sessions, collection of, 115, 160

Active unauthorized SQL server connections, 156

abnormal statement execution, 163–164

foreign IP addresses, 160

nonstandard database endpoint usage, 162–163

nonstandard SQL clients, 160–161

suspicious logins, 161–162

Active VLFs, 70–71

analysis of, 282–306

in case study, 416–421

collection of, 184–188

recovering deleted data from, 345–349

Activity reconstruction

of cached database statements, 277–281

in case study, 411–421

of data cache, 274–277

data recovery, 340–356

of DML operations (active VLFs), 282–306

of DML operations (reusable VLFs), 306–317

identifying anomalies, 317–322

identifying injection ...

Get SQL Server Forensic Analysis now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.