# Searching Flight Recorder Information

Defining the attributes of the flight recorder in the console is an administrative function and must be performed prior to accessing the flight recorder. However once done, the flight recorder information can be accessed and searched. To do this, simply click on **Flight Recorders** in the console tree.

You will be presented with the following search screen:

<figure><img src="https://2423451286-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F42mDa58RoaDxb6t8mbaI%2Fuploads%2Fgit-blob-aa589d675be667eaed183f486f9cd235df8a609d%2Fimage.png?alt=media" alt=""><figcaption><p>Flight Record: History: attack</p></figcaption></figure>

You can select ranges of fields for searching or simply click the **Search** button to view all Flight Recorders:

<figure><img src="https://2423451286-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F42mDa58RoaDxb6t8mbaI%2Fuploads%2Fgit-blob-f65fef9ef75a67f81a3d97ed0d0256f174c2faee%2Fimage.png?alt=media" alt=""><figcaption><p>Searching</p></figcaption></figure>

In this case there is one Flight Recorder in the ATTACK table in the HISTORY database. You can see the `DEVICE_ID` used to trigger the attack, when it was started and its status *(**Open** meaning that it is still recording, **Closed** meaning that recording for the specified `DEVICE_ID` has been stopped).*

Following this is the number of records recorded so far for the given `DEVICE_ID`, the reason for the trigger, the IP address, the User ID *(if known)*, the Case Number if a case has been triggered and the Browser used at the time of the trigger.

We can deduce that someone attempted an SQL injection attack in the password field on the QwertyLogon page.