HOME    SCOPE    VENUE    COMMITTEE    GUIDELINES    AWARD    PAPERS     CONFERENCES
PAPERS
THE SIXTH INTERNATIONAL CONFERENCE ON FORENSIC COMPUTER SCIENCE

Print ISBN 978-85-65069-07-6 - Online ISBN 978-85-65069-05-2, pp 190-194
DOI: 10.5769/C2011022 and http://dx.doi.org/
10.5769/C2011022


Finding Detached Microsoft SQL Server Database Files


By Fábio Caús Sícoli, and André Morum de Lima Simão




To download this paper, click here.
ABSTRACT

During the execution of a search warrant, one may try to hamper law enforcement officials by hiding database artifacts. One way this can be done is by detaching a given database, which will drop all its metadata and make it invisible to the DBMS. This paper describes Microsoft SQL Server's database files and presents an algorithm capable of finding and extracting metadata from those files still present in the file system, in order to be scrutinized by forensics teams.




KEYWORDS

Database, forensics, anti-forensics, MS SQL Server, detachment



To return to the "Published Papers" main page, click here.