This article explains how to examine evidence files using SQL Server Management Studio and ApexSQL DBA.
Database Forensics Using SQL Server Management Studio
Windows Event Viewer records all the events that occur on a system. In conjunction with the system logs, the application also records the MSSQL logs at an instance of a login attempt failure, or a SQL Server initiation/shutdown.
Therefore, examining the Windows event logs helps forensic investigators determine any false login records in the Event Viewer.
SQL Server Management Studio (SSMS):
SQL Server Management Studio (SSMS) is an integrated environment for accessing, configuring, managing, administering, and developing all components of SQL Server and Azure SQL Database. SSMS combines a group of graphical tools with script editors to provide access to SQL Server to developers and administrators of all skill levels.
Forensic investigators need to have good knowledge of how to use various functions (such as DBCC LOG, fn_dblog, etc.) in SSMS to view and analyze the logs in plain text format.
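A query of the kind an investigator might run in SSMS with fn_dblog, shown as an added example that is not part of the original article: it lists which login began each data-changing transaction in the active log and how many rows it inserted, updated or deleted per object. The database name EvidenceDB is a placeholder, and because fn_dblog is undocumented, the column names used here are an assumption based on current SQL Server versions.

```sql
-- Added example: summarize data-changing transactions from the active
-- transaction log. fn_dblog is undocumented, so the column set may differ
-- between SQL Server versions. [EvidenceDB] is a placeholder name; work on
-- a forensic copy of the database, not the live original.
USE [EvidenceDB];
GO

WITH tx_start AS (
    -- One LOP_BEGIN_XACT record per transaction: who started it and when.
    SELECT [Transaction ID],
           [Begin Time],
           [Transaction Name],
           SUSER_SNAME([Transaction SID]) AS login_name,
           [SPID]
    FROM sys.fn_dblog(NULL, NULL)          -- NULL, NULL = whole active log
    WHERE [Operation] = N'LOP_BEGIN_XACT'
),
row_ops AS (
    -- Row-level changes, counted per transaction and affected object.
    SELECT [Transaction ID],
           [AllocUnitName],
           SUM(CASE WHEN [Operation] = N'LOP_INSERT_ROWS' THEN 1 ELSE 0 END) AS inserts,
           SUM(CASE WHEN [Operation] = N'LOP_MODIFY_ROW'  THEN 1 ELSE 0 END) AS updates,
           SUM(CASE WHEN [Operation] = N'LOP_DELETE_ROWS' THEN 1 ELSE 0 END) AS deletes
    FROM sys.fn_dblog(NULL, NULL)
    WHERE [Operation] IN (N'LOP_INSERT_ROWS', N'LOP_MODIFY_ROW', N'LOP_DELETE_ROWS')
      AND [AllocUnitName] NOT LIKE N'sys.%'   -- skip system-table activity
    GROUP BY [Transaction ID], [AllocUnitName]
)
SELECT s.[Begin Time], s.login_name, s.[SPID], s.[Transaction Name],
       r.[AllocUnitName], r.inserts, r.updates, r.deletes, s.[Transaction ID]
FROM tx_start AS s
JOIN row_ops  AS r ON r.[Transaction ID] = s.[Transaction ID]
ORDER BY s.[Begin Time];
```

fn_dblog reads only the active portion of the log, so records already truncated by a log backup or checkpoint will not appear in the result.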
As discussed in the above slides, both Windows Event Viewer and SQL Server Management Studio help a forensic examiner in investigating the SQL Server databases. Along with these applications, forensic investigators use some other database management and monitoring tools such as ApexSQL DBA, SQLite Database Browser, Adminer, etc. to perform a forensic investigation on SQL Server databases.
SQL Server Management Studio is an advanced development environment that permits us to configure, manage and administer SQL Server database engines. SSMS is extremely popular and widely used by database developers and administrators due to the following advantages:
- Cost-free
- Advanced user experience
- Various add-in options
- Easy installation

SQL Server Management Studio is a workstation component/client tool that is installed if we select the workstation component during the installation steps. This allows you to connect to and manage your SQL Server from a graphical interface instead of having to use the command line. In order to connect to a remote instance of a SQL Server, you'll need this or similar software. It's used by administrators, developers, testers, etc.
Database Forensics Using ApexSQL DBA
ApexSQL DBA
ApexSQL Audit:
ApexSQL Audit is a SQL Server auditing tool, which provides auditing of access, changes, and security on SQL Server instances, databases, and objects. It audits queries, DDL and DML operations, security events (authentication changes, permissions changes, and attempted logins), and events on stored procedures and functions. ApexSQL Audit saves captured information in a centralized auditing repository and provides comprehensive reports.
Analyzing the volatile data with ApexSQL Audit helps forensic investigators gain insight on the login activities, the client connected to the server and the database on which the transactions occurred.
ApexSQL Log:
ApexSQL Log is an auditing and recovery tool for SQL Server databases that reads database transaction logs and audits, reverts or replays data and object changes affecting the database. It restores updated or missing data and objects, and captures information on the user, application, and host used to make each change.
Forensic investigators use a SQL transaction log reader for forensic auditing and rollback of malicious or inadvertent database changes.
This Blog Article is posted by
Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092