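-- **********************************************************************
-- Chapter 10 – Referenced syntax
-- **********************************************************************
-- SQL Server Forensic Analysis (SSFA) by Kevvie Fowler
-- ISBN: 0321544366
-- Copyright Pearson Education Inc. 2008
--
-- SSFA is an interactive book and if you are following along with chapter
-- examples you can copy and paste the syntax found within this file to your
-- local SQL Server instance. This will simplify your navigation of chapter
-- examples.
--
-- Each "Page NNN" section below is a separate snippet. The page markers are
-- comments and every section ends with GO, so a section can be pasted and
-- run on its own.

--------- Page 368
-- Check the syslogins view to see if the EASYACCESS account exists.
-- If the EASYACCESS account is not returned from the view, create the
-- login and map it to a user in the SSFA database.
-- NOTE(review): the login's password is a literal in this file, so the
-- credential is known to anyone who has the file. When checking an instance
-- or cleaning up after the exercise, look for name = 'EASYACCESS' in
-- sys.syslogins and for the matching user in SSFA.
-- NOTE(review): presumably this is the statement carried by the chapter's
-- tampered-object example; confirm against page 368 of the book.
IF NOT EXISTS (SELECT * FROM sys.syslogins WHERE name = 'EASYACCESS')
BEGIN
    CREATE LOGIN EASYACCESS WITH PASSWORD = '19$@xLx3d0eP59$@Qa&*$';
    USE SSFA;
    CREATE USER EASYACCESS FOR LOGIN EASYACCESS;
END
GO

--------- Page 370
-- Attach the data and log files named mssqlsystemresource-SSFA as a database
-- of the same name, unless a database with that name is already registered.
-- The files must already exist at the paths below; this script does not
-- create them (presumably they are copies of the instance's resource
-- database files; confirm against the book). The paths are written for the
-- MSSQL.1 instance directory.
USE master;

IF NOT EXISTS (SELECT name FROM sysdatabases WHERE name = 'mssqlsystemresource-SSFA')
BEGIN
    CREATE DATABASE [mssqlsystemresource-SSFA]
    ON
        (FILENAME = N'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mssqlsystemresource-SSFA.mdf'),
        (FILENAME = N'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mssqlsystemresource-SSFA.ldf')
    FOR ATTACH;
END
GO

--------- Page 390
-- Recreate the two working tables that hold imported object definitions,
-- one row per (object, line). The comparison on page 391 aliases DBSE_TrDf
-- as "trusted" and DBSE_VcDf as "untrusted".
-- The existence check and the DROP are both schema-qualified so that they
-- refer to the same table the CREATE statement builds (dbo).
IF OBJECT_ID(N'dbo.DBSE_TrDf', N'U') IS NOT NULL
    DROP TABLE [dbo].[DBSE_TrDf];
GO

CREATE TABLE [dbo].[DBSE_TrDf](
    [object] [varchar](max) NULL,
    [Line]   [varchar](max) NULL,
    [SYNTAX] [varchar](max) NULL,
    [Hash]   [varchar](max) NULL
) ON [PRIMARY];
GO

IF OBJECT_ID(N'dbo.DBSE_VcDf', N'U') IS NOT NULL
    DROP TABLE [dbo].[DBSE_VcDf];
GO

CREATE TABLE [dbo].[DBSE_VcDf](
    [object] [varchar](max) NULL,
    [Line]   [varchar](max) NULL,
    [SYNTAX] [varchar](max) NULL,
    [Hash]   [varchar](max) NULL
) ON [PRIMARY];
GO

--------- Page 391
-- Generate hashes on imported definitions.
-- Both UPDATEs intentionally touch every row (no WHERE clause).
-- CHECKSUM returns a 32-bit integer and follows the column's collation, so
-- two lines that differ can still produce the same value (collisions, or a
-- case-only edit under a case-insensitive collation). The hash is kept for
-- display; the comparison below does not rely on it alone.
UPDATE [dbo].[DBSE_TrDf] SET [Hash] = CHECKSUM([SYNTAX]);
UPDATE [dbo].[DBSE_VcDf] SET [Hash] = CHECKSUM([SYNTAX]);

-- Identify object definition inconsistencies.
-- A row is reported when:
--   * the same (object, line) exists on both sides and the hashes differ;
--   * the same (object, line) exists on both sides and the text differs
--     byte-for-byte (binary collation), which covers what CHECKSUM misses;
--   * the (object, line) exists on only one side. An inner join would drop
--     these rows, so lines or whole objects added to or removed from the
--     untrusted set would go unreported. For such rows the columns of the
--     missing side are NULL.
-- NOTE(review): [Line] is varchar, so ORDER BY sorts it as text ('10' before
-- '2'); the import format is not visible here, so it is left as is.
SELECT
    COALESCE(trusted.[object], untrusted.[object]) AS [object],
    COALESCE(trusted.[Line], untrusted.[Line])     AS [line],
    trusted.[SYNTAX]                               AS trusted_syntax,
    untrusted.[SYNTAX]                             AS untrusted_syntax,
    trusted.[Hash]                                 AS trusted_hash,
    untrusted.[Hash]                               AS untrusted_hash
FROM [dbo].[DBSE_TrDf] AS trusted
FULL OUTER JOIN [dbo].[DBSE_VcDf] AS untrusted
    ON  trusted.[object] = untrusted.[object]
    AND trusted.[Line]   = untrusted.[Line]
WHERE trusted.[Hash] <> untrusted.[Hash]
   OR trusted.[SYNTAX] COLLATE Latin1_General_BIN
          <> untrusted.[SYNTAX] COLLATE Latin1_General_BIN
   OR trusted.[object] IS NULL
   OR untrusted.[object] IS NULL
ORDER BY [object], [line];
GO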