SQL Server Database Forensics

Expo Theatre (Hall G) - Feedback     

Bookmark and Share

Kevvie Fowler

Databases are the single most valuable asset a business owns. Databases store and process critical financial, healthcare and HR data, yet businesses place very little focus on securing and logging the underlying database transactions. As well, in an effort to trim costs, many organizations are consolidating several databases on to single mission critical systems which are frequently targeted by attackers.

With large data security breaches occurring at an alarming rate, several database logging tools have been released in the industry, however adoption of these products is slow leaving these mission critical systems vulnerable and ill-equipped for traditional forensic analysis.

Database forensics is a relatively unknown area of digital investigation but critical to investigating data security breaches. There is very limited information available today on this subject and, at the time of this writing, no known information targeting SQL Server 2005 forensics. This presentation provides attendees a ‘real world’ view into SQL Server 2005 forensics. How to gather evidence from hidden database repositories using forensically sound practices, and the investigation pitfalls to avoid.