PAPERS
THE SIXTH INTERNATIONAL CONFERENCE ON FORENSIC COMPUTER SCIENCE
Print ISBN 978-85-65069-07-6 - Online ISBN 978-85-65069-05-2, pp 190-194
DOI: 10.5769/C2011022 and http://dx.doi.org/10.5769/C2011022
Finding Detached Microsoft SQL Server Database Files
By Fábio Caús Sícoli, and André Morum de Lima Simão
To download this paper, click here.
ABSTRACT
During the execution of a search warrant, one may try to hamper law enforcement officials by hiding database artifacts. One way this can be done is by detaching a given database, which will drop all its metadata and make it invisible to the DBMS. This paper describes Microsoft SQL Server's database files and presents an algorithm capable of finding and extracting metadata from those files still present in the file system, in order to be scrutinized by forensics teams.
KEYWORDS
Database, forensics, anti-forensics, MS SQL Server, detachment
To return to the "Published Papers" main page, click here.