
Friday, January 28, 2011

Restore SQL Database from MDF file

For example, if you have a northwind.mdf file, you can create a 
database with the following statement:

USE master
GO
CREATE DATABASE northwind
ON 
( NAME = northwind_dat,
   FILENAME = 'd:\Program Files\Microsoft SQL Server\Data\northwind.mdf',
   SIZE = 10,
   MAXSIZE = 50,
   FILEGROWTH = 5 )
LOG ON
( NAME = northwind_log,
   FILENAME = 'd:\Program Files\Microsoft SQL Server\Data\northwind.ldf',
   SIZE = 5MB,
   MAXSIZE = 25MB,
   FILEGROWTH = 5MB )
GO

Restoring SQL Server databases from .mdf files

Method One

Reinstall SQL Server and create a database with the same physical file name as the .mdf file that you have. For example, if you have a northwind.mdf file, create a database with the following statement:
USE master
GO
CREATE DATABASE northwind
ON 
( NAME = northwind_dat,
   FILENAME = 'd:\Program Files\Microsoft SQL Server\Data\northwind.mdf',
   SIZE = 10,
   MAXSIZE = 50,
   FILEGROWTH = 5 )
LOG ON
( NAME = northwind_log,
   FILENAME = 'd:\Program Files\Microsoft SQL Server\Data\northwind.ldf',
   SIZE = 5MB,
   MAXSIZE = 25MB,
   FILEGROWTH = 5MB )
GO
After ensuring that database was successfully created, stop your SQL Server service. Copy the .mdf file you have from the current directory to the SQL Server data directory. When asked whether you wish to overwrite the existing file, choose "yes." Now, start your SQL Server again. SQL Server will recover all the data and schema you had in the original database.

Method Two

This method is used when you don't want to stop and restart SQL Server. WARNING: be extremely careful when running the following code. Updating system tables with incorrect values might cause your server to crash!
Copy your .mdf file and paste it to SQL Server data directory. Next, configure your server to allow changes to the system tables. This can be accomplished by running the following code in the Query Analyzer:
sp_configure 'allow_updates', '1'
RECONFIGURE WITH OVERRIDE
Now, add an entry for your database to the sysdatabases system table in the master database. First, a quick lesson about sysdatabases table is in order. This system table tracks all user-defined and system databases that reside on the server. The columns that you should be concerned with are described in the following table:
Column      Meaning
Name        Database name
Dbid        Internal identifier for each database
Sid         Security id for the database (hexadecimal value)
Mode        Used internally; do not set this value to anything other than 0
Status      Status bits that inform SQL Server of the database configuration options. Some of these options can be set using the sp_dboption system stored procedure.
Status2     Additional status information, also in bit format
Reserved    Reserved for future use. Contains '1/1/1900' for all databases except model.
Crdate      The date the database was created
Category    Bitmap of the replication option used with the database
Cmptlevel   The database compatibility level; with SQL Server 2000, this could be 65, 70 or 80
Filename    The physical path to where the file is stored
The following code snippet shows you the statement that can be used to populate the sysdatabases table with an entry for the new database:
INSERT master..sysdatabases (name, dbid, sid, mode, status, status2, 
       crdate, reserved, category, cmptlevel, filename)
VALUES ('northwind', 10, 0x01, 0, 24, 1090519040, getdate(), '1/1/1900', 
        0, 80, 'd:\Program Files\Microsoft SQL Server\Data\northwind.mdf')
Of course, if dbid of 10 is already taken, please choose another available identifier. You should examine sysdatabases table before adding any records to it. Now, reset your server to disallow updates to system tables:
sp_configure 'allow_updates', '0'
RECONFIGURE
Your database is now ready to be used. Again, please be extremely careful while making changes to sysdatabases system table (or any other system table for that matter). Inexperienced SQL Server users should use Method One.
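The article tells you to examine sysdatabases before adding a row to it. The following T-SQL is an added pre-flight check for Method Two, not part of the original article: it assumes SQL Server 2000 (where master..sysdatabases is a real table) and reuses the database name, file path and candidate dbid from the INSERT above, reporting any conflict before you touch the system table.

```sql
-- Added example, not from the original article. Assumes SQL Server 2000 and
-- the name, path and dbid used in the article's INSERT statement.
USE master
GO
DECLARE @name     sysname
DECLARE @filename nvarchar(260)
DECLARE @dbid     smallint

SET @name     = 'northwind'
SET @filename = 'd:\Program Files\Microsoft SQL Server\Data\northwind.mdf'
SET @dbid     = 10

-- 1. The database name must not already be registered.
IF EXISTS (SELECT 1 FROM master..sysdatabases WHERE name = @name)
    RAISERROR ('Database %s already exists in sysdatabases.', 16, 1, @name)

-- 2. The .mdf path must not already belong to another database.
IF EXISTS (SELECT 1 FROM master..sysdatabases WHERE filename = @filename)
    RAISERROR ('File %s is already registered to another database.', 16, 1, @filename)

-- 3. The candidate dbid must be free; if it is taken, report the lowest free one
--    (the first gap above an existing dbid).
IF EXISTS (SELECT 1 FROM master..sysdatabases WHERE dbid = @dbid)
BEGIN
    SELECT @dbid = MIN(d.dbid) + 1
    FROM master..sysdatabases d
    WHERE NOT EXISTS (SELECT 1 FROM master..sysdatabases x WHERE x.dbid = d.dbid + 1)
    RAISERROR ('Requested dbid is taken; lowest free dbid is %d.', 16, 1, @dbid)
END

-- 4. List what is registered now so the values can be compared by eye
--    against the row you intend to insert.
SELECT dbid, name, status, status2, cmptlevel, filename
FROM master..sysdatabases
ORDER BY dbid
GO
```

Run this in Query Analyzer before enabling allow updates; if any RAISERROR fires, fix the conflicting value rather than proceeding with the INSERT.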

Cyber Crime Investigators Field Guide for Winmobile Pocket PC

Computer crime field guide with tools investigators use, how to use them, and which procedures to follow.
Long gone are the days when a computer took up an entire room. Now we have computers at home, laptops that travel just about anywhere, and data networks that allow us to transmit information from virtually any location through the Internet in a timely and efficient manner. What have these advancements brought us? Another arena for criminal activities, including identity theft, spam emails and computer viruses. If someone wants to focus and target something, more than likely they will obtain what they want. We shouldn't expect it to be any different in cyberspace.
Designed as a field guide for law-enforcement, the Cyber Crime Investigator's Field Guide describes how to investigate a computer crime from beginning to end, covering everything from what to do upon arrival at the scene until the investigation is complete, including chain of evidence.
The product includes:
  • tools investigators use
  • how to use those tools
  • which procedures to follow
Topics include:
  • questions to ask the client
  • evidence collection procedures
  • password cracking
  • key Unix/Linux commands
  • a glossary of commonly used terms
  • Cisco firewall data and commands
  • attack signatures
  • a port number reference
  • other items to aid the field investigator in efficiently handling computer security incidents
Cyber Crime Investigator's Field Guide provides the investigative framework, a knowledge of how cyberspace really works, and the tools to investigate cyber crime: tools that tell you the who, where, what, when, why, and how.

10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery)

1. BackTrack
The newest contender on the block is of course BackTrack, which we have spoken about previously. It is an innovative merge between WHax and Auditor (WHax was formerly WHoppix).
BackTrack is the result of merging two innovative penetration-testing live Linux distributions, Whax and Auditor. By combining the best features from both distributions and paying special attention to small details, this is probably the best version of either distribution ever released.
Based on SLAX (Slackware), BackTrack provides user modularity. This means the distribution can be easily customised by the user to include personal scripts, additional tools, customised kernels, etc.
Get BackTrack Here.
2. Operator
Operator is a very fully featured LiveCD totally oriented around network security (with open source tools of course).
Operator is a complete Linux (Debian) distribution that runs from a single bootable CD and runs entirely in RAM. Operator contains an extensive set of open source network security tools that can be used for monitoring and discovering networks. This can virtually turn any PC into a network security pen-testing device without having to install any software. Operator also contains a set of computer forensic and data recovery tools that can be used to assist you in data retrieval on the local system.
Get Operator Here
3. PHLAK
PHLAK or [P]rofessional [H]acker's [L]inux [A]ssault [K]it is a modular live security Linux distribution (a.k.a. LiveCD). PHLAK comes with two light GUIs (fluxbox and XFCE4), many security tools, and a spiral notebook full of security documentation. PHLAK is a derivative of Morphix, created by Alex de Landgraaf.
Mainly based around Penetration Testing, PHLAK is a must have for any pro hacker/pen-tester.
Get PHLAK Here (You can find a PHLAK Mirror Here as the page often seems to be down).
4. Auditor
Auditor, although now being merged with WHax, is still an excellent choice.
The Auditor security collection is a Live-System based on KNOPPIX. With no installation whatsoever, the analysis platform is started directly from the CD-ROM and is fully accessible within minutes. Independent of the hardware in use, the Auditor security collection offers a standardised working environment, so that the build-up of know-how and remote support is made easier.
Get Auditor Here
5. L.A.S Linux
L.A.S Linux or Local Area Security has been around quite some time as well, and although development has been a bit slow lately it's still a useful CD to have. It has always aimed to fit on a MiniCD (180MB).
Local Area Security Linux is a ‘Live CD’ distribution with a strong emphasis on security tools and small footprint. We currently have 2 different versions of L.A.S. to fit two specific needs – MAIN and SECSERV. This project is released under the terms of GPL.
Get L.A.S Linux Here
6. Knoppix-STD
Horrible name, I know! But it's not a sexually transmitted disease, trust me.
STD is a Linux-based Security Tool. Actually, it is a collection of hundreds if not thousands of open source security tools. It’s a Live Linux Distro, which means it runs from a bootable CD in memory without changing the native operating system of the host computer. Its sole purpose in life is to put as many security tools at your disposal with as slick an interface as it can.
Get Knoppix-STD Here 
7. Helix
Helix is more on the forensics and incident response side than the networking or pen-testing side. Still a very useful tool to carry.
Helix is a customized distribution of the Knoppix Live Linux CD. Helix is more than just a bootable live CD. You can still boot into a customized Linux environment that includes customized linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics.
Get Helix Here
8. F.I.R.E
A little out of date, but still considered the strongest bootable forensics solution (of the open-source kind). Also has a few pen-testing tools on it.
FIRE is a portable bootable CD-ROM based distribution with the goal of providing an immediate environment to perform forensic analysis, incident response, data recovery, virus scanning and vulnerability assessment.
Get F.I.R.E Here
9. nUbuntu
nUbuntu or Network Ubuntu is pretty much a newcomer in the LiveCD arena, as Ubuntu, on which it is based, is pretty new itself.
The main goal of nUbuntu is to create a distribution which is derived from the Ubuntu distribution, and add packages related to security testing, and remove unneeded packages, such as Gnome, Openoffice.org, and Evolution. nUbuntu is the result of an idea two people had to create a new distribution for the learning experience.
Get nUbuntu Here
10. INSERT Rescue Security Toolkit
A strong all around contender with no particular focus on any area (has network analysis, disaster recovery, antivirus, forensics and so-on).
INSERT is a complete, bootable linux system. It comes with a graphical user interface running the fluxbox window manager while still being sufficiently small to fit on a credit card-sized CD-ROM.
The current version is based on Linux kernel 2.6.12.5 and Knoppix 4.0.2.
Get INSERT Here
Extra – Knoppix
Remember this is the innovator and pretty much the basis of all these other distros, so check it out and keep a copy on you at all times!
Not strictly a security distro, but definitely the most streamlined and smooth LiveCD distribution. The new version (soon to be released, Knoppix 5) has seamless NTFS writing enabled with libntfs+fuse.
KNOPPIX is a bootable CD or DVD with a collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. KNOPPIX can be used as a productive Linux desktop, educational CD, rescue system, or adapted and used as a platform for commercial software product demos. It is not necessary to install anything on a hard disk.
Get Knoppix Here
Other Useful Resources:
SecurityDistros
FrozenTech LiveCD List
DistroWatch
Others to consider (Out of date or very new):
SlackPen
ThePacketMaster
Trinux
WarLinux
Network Security Toolkit
BrutalWare
KCPentrix
Plan-B
PENToo