Databases. You have them; attackers want them. It's where all the good stuff sits. Let's make sure we're defending them the best we can!
In this talk, we're going to introduce and/or improve database forensics in your incident response workflow. Only; we're not going to touch the database. Through analysis of various artifacts, we're going to show you how to build a timeline of attacker activity and discover what may have happened to your data while it was exposed. We're also going to release new research that can be used immediately to include database forensics in your next case.