MS SQL Forensics?
- To: <[EMAIL PROTECTED]>
- Subject: MS SQL Forensics?
- From: "Mark G. Spencer" <[EMAIL PROTECTED]>
- Date: Thu, 21 Aug 2003 10:24:49 -0700
I'm not much of a database guru and I've come across a case where it looks
like a standard Microsoft SQL database user account has had its privileges
escalated by an intruder (cable modem user) and subsequently bad stuff
(source code theft) occurred.

I have archived the MSSQL/Data and MSSQL/Data/Backup folders from the
machine in question. In those folders I have a variety of .LDF and .MDF
files. My limited understanding is that in these database files should be
contained diagnostic information, such as when various updates to objects
such as user accounts were modified and by what IP address?

I'm looking for suggestions on how to best get at all the log style
information out of these files for review. Are there any special tools to
assist here? Would I have to rebuild the databases on a fresh MS SQL
server?

Thanks for the advice,
Mark G. Spencer
Computer Forensics Examiner
EvidentData, Inc.
Web: http://www.evidentdata.com
-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com