Researching SQLite records

I’ve been on the road now for about 14 days teaching the Teel Tech Smart Phone course with Dr. Gary Kessler. His help, suggestions and mentoring have been invaluable.

We are currently teaching the course in Veenendaal NL at Data Expert to groups from the Dutch Police. During the four classes Gary and I have been co-teaching he has developed a Perl script to reverse engineer and study SQLite records.

In its current iteration the parser will accept any binary file and scan it assuming it contains sqlite records. This means you can carve out sections of unallocated space containing possible SQLite record fragments and reverse engineer the structure. This is helpful for decoding orphan records.

The file is invoked as per the graphic below

Image

You can download the perl script here-

http://www.box.com//static/flash/box_explorer.swf?widget_hash=03a008b39edbc68a093c&v=0&cl=0&s=0

I hope this helps you in your forensic quests.

M

Advertisements

2 comments

  1. Duncan Wanjohi

    This seems like exactly what I am looking for, though the link seems to be broken. Please look into it or email if you can.

Let Me Know Whatcha Think....

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s