During a forensic investigation, a digital investigator tracks an intruder’s actions on a system until “it” happens—the investigator identifies that the intruder has, indeed, accessed the database. The database server stores sensitive financial information, but it is configured with default database logging and no third-party logging solution is in place. Even though the investigator identified that the database was accessed, he is now left to wonder: What actions did the intruder perform within the database server? Was credit card data accessed? Was anything modified?

This scenario is an all-too-familiar one, which usually leaves investigators staring into a black hole, desperately needing a way to determine which actions an intruder ...

Get SQL Server Forensic Analysis now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.