SQL (2000, 2005, 2008)
Microsoft SQL Server (2000, 2005, 2008)
Editions: MSDE\SQL Server Express | Developer | Workgroup | Standard | Enterprise
Books
- SQL Server Forensic Analysis | The Authoritative, Step-by-Step Guide to Investigating SQL Server Database Intrusions - Kevvie Fowler
SQL Server Forensic Analysis is the first book of its kind to focus on the unique area of SQL Server incident response and forensics. Whether you’re a digital forensics specialist, incident response team member, law enforcement officer, corporate security specialist, auditor, or database professional, you’ll find this book an indispensable resource.
White Papers and Articles
- Forensic Analysis of a SQL Server 2005 Database Server | SANS Application Security Institute | April 2007 - Kevvie Fowler
Presentations
- SQL Server Forensics 2 | AppSec Asia | November 2009 - Kevvie Fowler
- To Cache a Thief -- Using database caches to detect SQL injection attacks | SecTor | October 2009 - Kevvie Fowler
- SQL Server Anti-Forensics | Black Hat DC | February 2009 - Cesar Cerrudo
- Double Trouble: SQL Server Rootkits and Encryption | SecTor | October 2008 - Kevvie Fowler
- SQL Server Forensics | SecTor | November 2007 - Kevvie Fowler
- SQL Server Forensics | Black Hat USA | August 2007 - Kevvie Fowler
Tools
- Hypnosis | A cache-based attack detection utility that can be used to confirm successful attacks against SQL Server 2005 and 2008 servers - Kevvie Fowler
- SQL Server incident response scripts | Pre-developed SQL scripts that automate the acquisition and ease the analysis of SQL Server artifacts - Kevvie Fowler
- RktDetection.sql | Pre-developed SQL Server rootkit detection script - Kevvie Fowler
- Windows Forensic Toolchest SQL v3.X | Automated Live-Windows framework which automates the execution of pre-developed SQL Server incident response scripts and hashes input scripts and associated results to maintain data integrity - Monty McDougal, Foolmoon Software & Security and Kevvie Fowler,
- Microsoft SQLCMD | Ad-hoc command line SQL query tool. This tool is mandatory for any SQL Server investigation and is covered in depth within SQL Server Forensic Analysis - Microsoft








