I’ve completed both of my presentations at the 2016 Techno Security and Forensics Investigation Conference (#technosecurity). If you were able to make it to one of my talks, thank you for choosing to spend your time with me. While my slides will be available from the conference site, I’m posting them here along with the scripts I used.
In the archive I’ve also included a second slide deck with scenarios to consider with respect to what I was discussing in the presentation. I used these scenarios for a SC Midlands ISACA class that was an extended version of the same presentation.
I’ve included the setup scripts, the queries I ran to audit SQL Server, and the clean-up scripts used in the demo. If you have a non-production SQL Server where you have sysadmin rights (Developer Edition is now free, BTW), these should all work for you.