Thread: Forensics

  1. #1
    Join Date
    Jan 2003
    Posts
    1

    Forensics

    I have an internal database that is used for small internal applications. It is nothing critical, so security is not very tight on it, everyone logs in as sa.
    Today a bunch of tables suddenly had zero record count. The person mainly responsible for the application had just been put on probation for lack of effort... Just enough tables were emptied to disable the application, but since the one main table was left untouched, everything can be rebuilt.
    My question is, what traces should I be looking for to help me determine if this guy did it himself, so that he can look like a hero when he stays here all night to 'fix' it? I have the transaction log, NT2000 system log and almost everything else. Any help would be great. I really do hope that he did not do it.

    Thanks
    Steve

  2. #2
    Join Date
    Sep 2002
    Location
    Fantasy
    Posts
    4,254
    If everybody has SA rights, it is very difficult to trace.

    You can download Log Explorer and get more info. www.lumigent.com

    You can check the SQL Server error log and NT log for the time it happened, after using Log Explorer to find when it happened.

    Good luck.
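
The correlation step suggested in the reply above, sketched as an added example that is not part of the original thread: once a log reader has given the time the rows were deleted, merge the SQL Server error log and an exported NT event log into one timeline around that moment. The log lines, the CSV column layout, the user and workstation names, and the incident time are all constructed assumptions, and the error log only shows logins if login auditing was enabled.

```python
import csv
import io
import re
from datetime import datetime, timedelta

# Constructed sample data; both layouts are assumptions, adapt the parsers to your own exports.
SQL_ERRORLOG = """\
2003-01-14 17:41:09.53 logon     Login succeeded for user 'sa'. Connection: Non-Trusted.
2003-01-14 18:02:47.10 logon     Login succeeded for user 'sa'. Connection: Non-Trusted.
2003-01-14 18:05:12.88 spid53    Starting up database 'apps'.
2003-01-14 21:30:00.02 logon     Login succeeded for user 'sa'. Connection: Non-Trusted.
"""
NT_EVENTS_CSV = """\
date,time,event_id,user,computer
1/14/2003,5:40:02 PM,528,user1,WKSTN-07
1/14/2003,6:01:30 PM,528,user2,WKSTN-12
1/14/2003,6:20:45 PM,538,user2,WKSTN-12
1/14/2003,9:29:10 PM,528,user3,WKSTN-03
"""
# Constructed: the deletion time as reported by the transaction log reader.
INCIDENT = datetime(2003, 1, 14, 18, 4, 0)

ERRORLOG_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+(\S+)\s+(.*)$")

def parse_sql_errorlog(text):
    """Yield (timestamp, source, detail) for each timestamped error log line."""
    for line in text.splitlines():
        m = ERRORLOG_RE.match(line)
        if m:  # continuation lines carry no timestamp and are skipped
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            yield ts, "sql-errorlog", f"{m.group(2)}: {m.group(3)}"

def parse_nt_csv(text):
    """Yield (timestamp, source, detail) for each row of the event log export."""
    for row in csv.DictReader(io.StringIO(text)):
        ts = datetime.strptime(f"{row['date']} {row['time']}", "%m/%d/%Y %I:%M:%S %p")
        detail = f"event {row['event_id']} user={row['user']} computer={row['computer']}"
        yield ts, "nt-security", detail

def timeline(incident, minutes=30):
    """Return events from both logs within +/- minutes of the incident, oldest first."""
    window = timedelta(minutes=minutes)
    events = list(parse_sql_errorlog(SQL_ERRORLOG)) + list(parse_nt_csv(NT_EVENTS_CSV))
    return sorted(e for e in events if abs(e[0] - incident) <= window)

if __name__ == "__main__":
    for ts, source, detail in timeline(INCIDENT):
        print(ts.isoformat(sep=" "), f"{source:<13}", detail)
```

Both logs must be on the same clock and time zone before the window means anything; check for clock drift between the database server and the machine that produced the event log export.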
