Get a User that has Deleted Rows with SQL

Get a User that has Deleted Rows with SQL

Getting a user that has deleted rows with SQL is a multi-part process.

First you have to search the transaction log file for information on deleted rows.

SELECT     [Transaction ID],    Operation,    Context,    AllocUnitName    FROM     fn_dblog(NULL, NULL) WHERE     Operation = 'LOP_DELETE_ROWS' --Get Deleted Rows & Transaction ID

This will show you the Deleted Rows and give a Transaction ID for each operation. Now you need to use this Transaction ID to get the transaction SID of the user who has deleted the data:

SELECT     [Transaction ID],    Operation,    Context,    AllocUnitName    FROM     fn_dblog(NULL, NULL) WHERE 		[Transaction ID] = '0000:0000035' --Example Transaction ID to Delete	AND	    Operation = 'LOP_BEGIN_XACT' --GET Transaction SID

Finally, you need to convert the Transaction SID into readable text to display the user details:

SELECT SUSER_SNAME(0x0105000000000002120000009F11CA398C81F81398D0CD14E8030030) --Based on Transaction SID That Was Returned Earlier
Share the Post:
XDR solutions

The Benefits of Using XDR Solutions

Cybercriminals constantly adapt their strategies, developing newer, more powerful, and intelligent ways to attack your network. Since security professionals must innovate as well, more conventional endpoint detection solutions have evolved

AI is revolutionizing fraud detection

How AI is Revolutionizing Fraud Detection

Artificial intelligence – commonly known as AI – means a form of technology with multiple uses. As a result, it has become extremely valuable to a number of businesses across

AI innovation

Companies Leading AI Innovation in 2023

Artificial intelligence (AI) has been transforming industries and revolutionizing business operations. AI’s potential to enhance efficiency and productivity has become crucial to many businesses. As we move into 2023, several

data fivetran pricing

Fivetran Pricing Explained

One of the biggest trends of the 21st century is the massive surge in analytics. Analytics is the process of utilizing data to drive future decision-making. With so much of

kubernetes logging

Kubernetes Logging: What You Need to Know

Kubernetes from Google is one of the most popular open-source and free container management solutions made to make managing and deploying applications easier. It has a solid architecture that makes

ransomware cyber attack

Why Is Ransomware Such a Major Threat?

One of the most significant cyber threats faced by modern organizations is a ransomware attack. Ransomware attacks have grown in both sophistication and frequency over the past few years, forcing

data dictionary

Tools You Need to Make a Data Dictionary

Data dictionaries are crucial for organizations of all sizes that deal with large amounts of data. they are centralized repositories of all the data in organizations, including metadata such as