Difference between pages "Microsoft PocketPC" and "SQLite database format"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(Rewrote history section.)
 
 
Line 1: Line 1:
__TOC__
+
{{expand}}
  
=Overview=
+
SQLite databases are used by many programs including several forensics tools, e.g. [[Autopsy]] 3.
A PocketPC is commonly referred to as a handheld computer that runs a version of Microsoft’s proprietary mobile operating systems.
+
SQLite 3 is current and older SQLite packages cannot use sqlite3 databases so use sqlite3 tools.
  
[[Image:Pocketpc.jpg|thumb|Acer PocketPC]]
+
== SQLite3 ==
  
Microsoft PocketPC, sometimes referred to as P/PC or PPC, is based upon the Windows CE framework.  Variants of this operating system include versions such as PocketPC 2000, PocketPC 2002, Windows Mobile 2003/2003 SE, and Windows Mobile 5.0.  Variants also exist for [[SmartPhones]], such as Windows Mobile 2003 Smartphone edition.
+
SQLite version 3 uses a page-based storage where the pages are used for various types of data e.g. there are:
 +
* lock-byte pages
 +
* freelist pages
 +
** freelist trunk pages
 +
** freelist leaf pages
 +
* B-tree pages
 +
** table B-tree interior pages
 +
** table B-tree leaf pages
 +
** index B-tree interior pages
 +
** index B-tree leaf pages
 +
* payload overflow pages
 +
* pointer map pages
  
One of the key benefits of Microsoft's Windows Mobile platform is file format compatibility with the desktop versions of the company's productivity software. Mobile versions of Microsoft software, such as Pocket Word, Pocket Excel, and Pocket PowerPoint, allow individuals to view and edit these files outside of the home and office.  
+
=== Write-Ahead Log (WAL) ===
 +
The default method by which SQLite implements atomic commit and rollback is a rollback journal. In version 3.7.0 a "Write-Ahead Log" option was added.
  
Another benefit is integration with Microsoft's cross-platform solution, the .NET Framework.  The .NET Framework and its associated class libraries handle things such as memory management, file I/O, and many other functions.  The .NET Framework allows programmers to develop code in one of several .NET languages, such as C# and VB.NET.  PocketPCs run a simplified version of the framework called the .NET Compact Framework.
+
== Use Cases ==
 +
=== Web Browser Data ===
 +
[[Mozilla Firefox]] and [[Google Chrome]] both use SQLite version 3 databases for user data such as history, downloaded files.
  
In order to maintain synchronization and connectivity with desktop computers, Microsft developed the ActiveSync program. The user merely has to connect the PocketPC to the desktop computer in order to synchronize items such as appointments, contact lists, and even multimedia files. 
+
== External Links ==
 +
* [http://sqlite.org/fileformat2.html The SQLite Database File Format], by the [[SQLite|SQLite project]]
 +
* [http://sqlite.org/wal.html Write-Ahead Logging], by the [[SQLite|SQLite project]]
 +
* [http://linuxsleuthing.blogspot.ch/2013/09/recovering-data-from-deleted-sqlite.html Recovering Data from Deleted SQLite Records: Redux], by [[John Lehr]], September 13, 2013
  
In 2001, PDAs running Palm OS variants held a market share of about 72%, while PocketPC held a meager 15% of the market.  However, by the fourth quarter of 2004, Microsoft PocketPC and Palm OS were practically tied with regards to market share -- PocketPC-based devices had a market share of 40.2% while Palm OS claimed 40.7% of the market.  This upward trend clearly illustrates the growing popularity of PocketPC-based devices, and thus the increased likelihood that one will encounter such a device in the field.
+
== Tools ==
 +
* [[SQLite]]
 +
* [[SQLite Forensic Reporter]]
  
 
+
[[Category:File Formats]]
== History ==
+
 
+
Windows CE, which serves as the framework for the Pocket PC operating systems, began its life in November of 1996.  The NEC MobilePro 200 and the Casio A-10 were the first two PDA-type devices available with this early version of the operating system, which was dubbed Handheld PC 1.0.
+
 
+
Subsequently, Microsoft released iterations of its mobile operating systems with names such as Handheld PC 2.0 (1997), Palm-Size PC 2.0 (1998), Handheld PC Professional Edition (1998).
+
 
+
As development of Windows CE continued, manufacturers began to build more esoteric devices around it, such as internet TV set-top boxes and web-enabled telephones. 
+
 
+
Pocket PC officially began its public life when it was previewed at the Consumer Electronics Show in 2000.  Codenamed "Rapier", the first version of the PocketPC operating system was simply named Pocket PC.
+
 
+
=PocketPC Variants=
+
As previously noted, there exist many variants of the PocketPC operating system.  Below are a summary of each.
+
 
+
==PocketPC 2000==
+
 
+
PocketPC 2000, based on Micrsoft's Windows CE 3.0 platform, was a first step towards the familiar appearance and functionality that is offered by Windows Mobile 5.0.  Devices running PocketPC 2000 ranged from the Askey PC010, which had a 16-color grayscale screen with no expansion slots, to the Casio EM-500, which had a 64k color screen and provisions for upgraded pheripherals such as cameras.  PocketPC 2000 launched with versions of Pocket Word, Pocket Excel, and Microsoft Reader bundled.  ActiveSync 3.1, which provided an easier way to install applications onto the PocketPC, was required to synchronize with host desktop machines.
+
 
+
==PocketPC 2002==
+
Codenamed "Merlin," PocketPC 2002 was Microsoft's Windows CE 3.0-based upgrade to PocketPC 200.  PocketPC 2002 offered many improvements over the previous operating system, including a Terminal Service Client, a new mail Inbox, Windows Media Player 8.0, improved versions of Pocket Word and MS Reader, and many other features. 
+
 
+
There were three service packs (EUUU1/2/3) released which addressed bugs and other issues in the original release.
+
 
+
==Windows Mobile 2003 & 2003 Second Edition==
+
Windows Mobile 2003, codenamed "Ozone", was officially released in June of 2003.  The operating system is based on Microsoft's Windows CE 4.2, which claimed to provide a more responsive system when compared with devices running Windows CE 3.0.  This version of the operating system added many useful features, including a picture viewer, built-in Bluetooth and WiFi support, Windows Media Player 9.0, as well as a host of Personal Information Management application improvements.  This version of Windows Mobile required ActiveSync 3.7 to communicate with a host computer.
+
 
+
Windows Mobile Second Edition, released in 2004, added support for 640x480 VGA resolution, portrait and landscape display modes, DPI settings, and many other improvements.
+
 
+
==Windows Mobile 5.0==
+
Windows Mobile 5.0, based off of Windows CE 5.0, was released on May 10, 2005.  Windows Mobile 5.0 brought many changes to the PocketPC landscape.  For one, with this release, the phone and PDA versions of the OS have merged into one encompassing OS, instead of two separate versions of the same one.  Additionally, while past versions of PocketPC software utilized the RAM of a PDA for program and data storage, Windows Mobile 5.0 uses a PDA's hardware more like a traditional computer.  The operating system and user data is stored in the more persistent ROM of the device, and RAM is used in a way more similar to that of a desktop PC.  This has implications for forensics, as data stored on these devices is now less volatile.
+
 
+
=Pocket PC Devices=
+
In recent years, a number of manufacturers have elected to produce PocketPC devices.  Some of these makers include companies such as:
+
 
+
*  Acer
+
*  Asus
+
*  Audiovox
+
*  Dell
+
*  HP
+
*  Mitac
+
*  Motorola
+
*  Samsung
+
*  Siemens
+
*  Symbol
+
*  Treo
+
 
+
Because different manufacturers are targeted at different segments of the market, such as business and consumers, the features and functionality of these devices sometimes differ greatly.  For example, some devices have built-in capability for taking images and videos, while other devices have tools such as biometric fingerprint readers and barcode scanners.
+
 
+
 
+
 
+
 
+
 
+
'''References:'''
+
----
+
 
+
[http://www.hpcfactor.com/support/windowsce/ The History of Microsoft Windows CE]
+
 
+
[http://palmtops.about.com/cs/pdafacts/a/Palm_Pocket_PC.htm Palm vs. Pocket PC-The Great Debate]
+
 
+
[http://www.windowsfordevices.com/news/NS8063885791.html Gartner: Windows CE ties Palm]
+
 
+
[http://en.wikipedia.org/wiki/Pocket_PC PocketPC]
+

Revision as of 01:49, 30 October 2013

Information icon.png

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

SQLite databases are used by many programs including several forensics tools, e.g. Autopsy 3. SQLite 3 is current and older SQLite packages cannot use sqlite3 databases so use sqlite3 tools.

SQLite3

SQLite version 3 uses a page-based storage where the pages are used for various types of data e.g. there are:

  • lock-byte pages
  • freelist pages
    • freelist trunk pages
    • freelist leaf pages
  • B-tree pages
    • table B-tree interior pages
    • table B-tree leaf pages
    • index B-tree interior pages
    • index B-tree leaf pages
  • payload overflow pages
  • pointer map pages

Write-Ahead Log (WAL)

The default method by which SQLite implements atomic commit and rollback is a rollback journal. In version 3.7.0 a "Write-Ahead Log" option was added.

Use Cases

Web Browser Data

Mozilla Firefox and Google Chrome both use SQLite version 3 databases for user data such as history, downloaded files.

External Links

Tools