I am using an SQL Server 2012 on windows datacenter 2012
I have encountered a situation where i think some virus/sql injection had heart my database,
Some data on my table had changed to weird link's and it was 100% not coming from my system,
I wish to know what is the best way to track the origin of this change,
Is there a way to look in the transactional logs and checek which ip/machine had changed a table ? and what were the changes ?
Thanks.
EDIT :
Maybe is there some software like fiddler\wireshark that can trace the sql queries that are being sent to a server ?
Best Answer
SQL Injection is hard to track from SQL Server side. If you want to find out who change what, then some sort of tracing should be running on your server.
If no tracing (custom one implemented by your company DBA or sysadmin) is running, then you can check
Above all are few areas to look into, but it will be difficult for you to corelate and find a pattern.
Best is to scan your web-server IIS error logs using tools like LogParser.
Additional References :