SQL Server Incident Response Scripts

 
SQL Server Incident Response (IR) Scripts

The following pre-developed SQL Server incident response scripts automate the collection of various SQL Server artifacts. These IR scripts were created for use with the techniques and tools covered in SQL Server Forensic Analysis; however, they can also be used outside of the book. Each script contains a brief description. Script-related questions can be asked in the forums section of this website or answered by reading SQL Server Forensic Analysis.

  1. SSFA_DataCache.sql
  2. SSFA_ClockHands.sql
  3. SSFA_PlanCache.sql
  4. SSFA_RecentStatements.sql
  5. SSFA_Connections.sql
  6. SSFA_Sessions.sql
  7. SSFA_TLOG.sql
  8. SSFA_DbObjects.sql
  9. SSFA_Logins.sql
  10. SSFA_Databases.sql
  11. SSFA_DbUsers.sql
  12. SSFA_Triggers.sql
  13. SSFA_Jobs.sql
  14. SSFA_JobHistory.sql
  15. SSFA_Configurations.sql
  16. SSFA_CLR.sql
  17. SSFA_Schemas.sql
  18. SSFA_EndPoints.sql
  19. SSFA_DbSrvInfo.sql
  20. SSFA_AutoEXEC.sql
  21. SSFA_TimeConfig.sql

A zipped archive of all 21 scripts can be downloaded here