SQLite Forensic RecoveryPart of the Forensic Toolkit for SQLite
The Ultimate Tool for Searching Multiple SQLite Databases
Modern operating systems typically contain many SQLite databases (often in excess of 100), SQLite Recovery can be used to display all of them alongside each other allowing the investigator to gain an overview of the type and content of all of the databases on the suspect’s computer. These databases can contain anything from SMS messages to lists of passwords and are an invaluable source of evidence.
SQLite Recovery is a forensic tool to aid in the recovery of SQLite databases, tables and records. SQLite Recovery can search a disk, volume, image or file for deleted SQLite databases.
The output is individual SQLite databases that can be investigated with other forensic software such as SkypeAlyzer.
- Simple to use
- Template based
- Carves deleted journal and WAL files
- Distinguish between live and deleted records in a database
- Carves unknown databases (including those in unallocated space)
- Search all tables for multiple keywords at one
- Template constraints can override column affinity
- Extracts to sqlite databases to investigate with ‘other’ forensic software
- Extract every bob from every database to view in another forensic tool
- Export a recovered table to XLS
- Parse time filtering to improve quality of recovered data
- Optionally display numeric columns as formatted date
- Advanced filters to clean up data post parse
- Automatically identify and delete duplicate rows
- Supports parsing from individual files (DD/Unallocated), logical and physical devices, EWF images.
SQLite Recovery is template-based and can recover databases from templates created by the user (which can also be shared amongst users).
The process of creating templates is very straight forward, and in a lot of cases is just point and click.
However, SQLite Recovery can also optionally identify deleted database schemas and create & extract records from databases that the investigator has not specified via a template.
These databases are grouped together and displayed for the investigator to determine relevance to their investigation.
The recovered SQLite tables are displayed to the user in multiple grids and advanced filters are provided that will allow the user to manually “clean up” any corrupt or non-valid records in the recovered databases by deleting records, including all duplicate records.
Advanced filtering functions are provided to allow the investigator to identify valid or invalid records
As a forensic tool SQLite records the location of each recovered database row.
Learn more about the powerful tools included in our Forensic Toolkit for SQLite
SQLite Forensic Explorer
Part of the Forensic Toolkit for SQLite
Learn more about the
Forensic Browser for SQLite
Part of the Forensic Toolkit for SQlite
Forensic Toolkit for SQLite
To request your quote!