SQL Server Forensic Analysis

Kevvie Fowler

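  • Publisher: Addison Wesley
  • Publication date: 2008-12-26
  • List price: $1,730
  • VIP price: $1,644 (95% of list price)
  • Language: English
  • Pages: 512
  • Binding: Paperback
  • ISBN: 0321544366
  • ISBN-13: 9780321544360
  • Related categories: MSSQL, SQL
  • Ships immediately (stock < 4)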



“What Kevvie Fowler has done here is truly amazing: He has defined, established, and documented SQL server forensic methods and techniques, exposing readers to an entirely new area of forensics along the way. This fantastic book is a much needed and incredible contribution to the incident response and forensic communities.”

—Curtis W. Rose, founder of Curtis W. Rose and Associates and coauthor of Real Digital Forensics


The Authoritative, Step-by-Step Guide to Investigating SQL Server Database Intrusions


Many forensics investigations lead to the discovery that an SQL Server database might have been breached. If investigators cannot assess and qualify the scope of an intrusion, they may be forced to report it publicly–a disclosure that is painful for companies and customers alike. There is only one way to avoid this problem: Master the specific skills needed to fully investigate SQL Server intrusions.


In SQL Server Forensic Analysis, author Kevvie Fowler shows how to collect and preserve database artifacts safely and non-disruptively; analyze them to confirm or rule out database intrusions; and retrace the actions of an intruder within a database server. A chapter-length case study reinforces Fowler’s techniques as he guides you through a real-world investigation from start to finish.


The techniques described in SQL Server Forensic Analysis can be used both to identify unauthorized data access and modifications and to gather the information needed to recover from an intrusion by restoring the pre-incident database state.


Coverage includes

  • Determining whether data was actually compromised during a database intrusion and, if so, which data
  • Real-world forensic techniques that can be applied on all SQL Server instances, including those with default logging
  • Identifying, extracting, and analyzing database evidence from both published and unpublished areas of SQL Server
  • Building a complete SQL Server incident response toolkit
  • Detecting and circumventing SQL Server rootkits
  • Identifying and recovering previously deleted database data using native SQL Server commands


SQL Server Forensic Analysis is the first book of its kind to focus on the unique area of SQL Server incident response and forensics. Whether you’re a digital forensics specialist, incident response team member, law enforcement officer, corporate security specialist, auditor, or database professional, you’ll find this book an indispensable resource.

