Brain Candy Sale

Special Offers see all

Enter to WIN a $100 Credit

Subscribe to
for a chance to win.
Privacy Policy

Visit our stores

    Recently Viewed clear list

    The Powell's Playlist | September 25, 2015

    Caitlin Doughty: IMG Caitlin Doughty's Playlist for Smoke Gets in Your Eyes

    The soundtrack perfectly suited to facing your own mortality. ("My Way," "Wind beneath My Wings," and other popular funeral songs need not apply.)... Continue »
    1. $11.17 Sale Trade Paper add to wish list


This item may be
out of stock.

Click on the button below to search for this title in other formats.

Check for Availability
Add to Wishlist

This title in other editions

SQL Server Forensic Analysis

SQL Server Forensic Analysis Cover


Synopses & Reviews

Publisher Comments:

“What Kevvie Fowler has done here is truly amazing: He has defined, established, and documented SQL server forensic methods and techniques, exposing readers to an entirely new area of forensics along the way. This fantastic book is a much needed and incredible contribution to the incident response and forensic communities.”

—Curtis W. Rose, founder of Curtis W. Rose and Associates and coauthor of Real Digital Forensics


The Authoritative, Step-by-Step Guide to Investigating SQL Server Database Intrusions


Many forensics investigations lead to the discovery that an SQL Server database might have been breached. If investigators cannot assess and qualify the scope of an intrusion, they may be forced to report it publicly–a disclosure that is painful for companies and customers alike. There is only one way to avoid this problem: Master the specific skills needed to fully investigate SQL Server intrusions.


In SQL Server Forensic Analysis, author Kevvie Fowler shows how to collect and preserve database artifacts safely and non-disruptively; analyze them to confirm or rule out database intrusions; and retrace the actions of an intruder within a database server. A chapter-length case study reinforces Fowler’s techniques as he guides you through a real-world investigation from start to finish.


The techniques described in SQL Server Forensic Analysis can be used both to identify unauthorized data access and modifications and to gather the information needed to recover from an intrusion by restoring the pre-incident database state.


Coverage includes

  • Determining whether data was actually compromised during a database intrusion and, if so, which data
  • Real-world forensic techniques that can be applied on all SQL Server instances, including those with default logging
  • Identifying, extracting, and analyzing database evidence from both published and unpublished areas of SQL Server
  • Building a complete SQL Server incident response toolkit
  • Detecting and circumventing SQL Server rootkits
  • Identifying and recovering previously deleted database data using native SQL Server commands


SQL Server Forensic Analysis is the first book of its kind to focus on the unique area of SQL Server incident response and forensics. Whether you’re a digital forensics specialist, incident response team member, law enforcement officer, corporate security specialist, auditor, or database professional, you’ll find this book an indispensable resource.

About the Author

Kevvie Fowler is the Director of Managed Security Services at TELUS Security Solutions, where he is responsible for the delivery of specialized security, incident response, and forensic services. In addition to authoring SQL Server Forensic Analysis, he is contributing author of How to Cheat at Securing SQL Server 2005 (Syngress, 2007) and The Best Damn Exchange, SQL, and IIS Book Period (Syngress, 2007).


Kevvie is also the founder of Ring Zero, a research and consulting company that focuses on the security and forensic analysis of Microsoft technologies. In addition to Ring Zero, Kevvie owns and maintains the Web site, which he hopes to grow into the leading source of application forensics information on the Internet.


Kevvie is a frequent presenter at leading information security conferences such as Black Hat and SecTor. He is a GIAC Gold Certified Forensic Analyst (GCFA) and Certified Information System Security Professional (CISSP), and he holds several Microsoft certifications, including MCTS, MCDBA, MCSD, and MCSE. Kevvie is also a member of the High Technology Crime Investigation Association (HTCIA).

Table of Contents



Chapter 1: Introduction to Databases

Chapter 2: SQL Server Fundamentals

Chapter 3: SQL Server Forensics

Chapter 4: SQL Server Artifacts

Chapter 5: SQL Server Investigation Preparedness

Chapter 6: Incident Verification

Chapter 7: Artifact Collection

Chapter 8: Data Analysis I

Chapter 9: Data Analysis II

Chapter 10: SQL Server Rootkits

Chapter 11: SQL Server Forensic Investigation Scenario

Appendix A: Installing SQL Server 2005 Express Edition with Advanced Services on Windows

Appendix B: SQL Server Incident Response Scripts



Product Details

Addison-Wesley Professional
Internet - Security
Fowler, Kevvie
Computer crimes
Computer crimes -- Investigation.
Internet - General
Edition Description:
Trade paper
Publication Date:
December 2008
Grade Level:
Professional and scholarly
9.24 x 7 x 0.985 in 769 gr

Related Subjects

Computers and Internet » Computer Languages » SQL
Computers and Internet » Database » SQL
Computers and Internet » Internet » General
Computers and Internet » Internet » Information
Computers and Internet » Networking » Computer Security
History and Social Science » Crime » Forensics and Evidence
History and Social Science » Crime » True Crime

SQL Server Forensic Analysis
0 stars - 0 reviews
$ In Stock
Product details 512 pages Addison-Wesley Professional - English 9780321544360 Reviews:
  • back to top


Powell's City of Books is an independent bookstore in Portland, Oregon, that fills a whole city block with more than a million new, used, and out of print books. Shop those shelves — plus literally millions more books, DVDs, and gifts — here at