Difference between revisions of "SQLite Recovery"

From ForensicsWiki
Jump to: navigation, search
(Created page with "Modern operating systems typically contain many sqlite databases (often in excess of 100), SQLite Recovery can be used to display all of them alongside each other allowing the...")
 
Line 1: Line 1:
 +
{{Infobox_Software |
 +
  name = SQLite Recovery |
 +
  maintainer = Sanderson Forensics Ltd. |
 +
  os = {{Windows}} |
 +
  genre = {{Analysis}} |
 +
  license = {{Commercial}} |
 +
  website = [http://www.SandersonForensics.com http://www.SandersonForensics.com] |
 +
}}
 +
 
Modern operating systems typically contain many sqlite databases (often in excess of 100), SQLite Recovery can be used to display all of them alongside each other allowing the investigator to gain an overview of the type and content of all of the databases on the suspects computer. These databases can contain anything from SMS messages to lists of passwords and are an invaluable source of evidence.
 
Modern operating systems typically contain many sqlite databases (often in excess of 100), SQLite Recovery can be used to display all of them alongside each other allowing the investigator to gain an overview of the type and content of all of the databases on the suspects computer. These databases can contain anything from SMS messages to lists of passwords and are an invaluable source of evidence.
  

Revision as of 13:19, 16 July 2014

SQLite Recovery
Maintainer: Sanderson Forensics Ltd.
OS: Windows
Genre: Analysis
License: Commercial
Website: http://www.SandersonForensics.com

Modern operating systems typically contain many sqlite databases (often in excess of 100), SQLite Recovery can be used to display all of them alongside each other allowing the investigator to gain an overview of the type and content of all of the databases on the suspects computer. These databases can contain anything from SMS messages to lists of passwords and are an invaluable source of evidence.

SQLite Recovery is a forensic tool to aid in the recovery of SQLite databases, tables and records. SQLite Recovery can search a disk, volume, image or file for deleted SQLite databases.

The output of SQLite Recovery is individual sqlite databases that can be investigated with other forensic software such as SkypeAlyzer.


Features

   Simple to use
   Template based
   Carves deleted journal and WAL files
   Carves unknown databases (including those in unallocated space)
   Search all tables for multiple keywords at one
   Template constraints can override column affinity
   Extracts to sqlite databases to investigate with 'other' forensic software
   Export a recovered table to XLS
   Parse time filtering to improve quality of recovered data
   Optionally display numeric columns as formatted date
   Advanced filters to clean up data post parse
   Automatically identify and delete duplicate rows
   Supports parsing from individual files (DD/Unallocated), logical and physical devices, EWF images.

SQLite Recovery