SQLite Forensics

Become a database expert

  • Application-oriented database training with a variety of common forensic toolkits
  • Quickly locate and filter data with SQL
  • In-depth analysis of databases with Sanderson Forensics
  • Recovery of deleted data in SQLite
  • Continuous update of contents, depending on market developments

Why should you attend this training?

Almost every popular smartphone app stores relevant data in SQLite databases. Forensic toolkits automatically decode the databases of these apps and display the contained data in a structured way. However, only a small number of apps are analysed automatically: depending on the toolkit, about 20 – 300 apps are supported. In contrast, there are already 3.8 million different apps available for download in the Google Play Store alone. In addition, depending on the toolkit, only certain versions of apps are supported. Important case data can be overlooked because the remaining apps are not analysed automatically. In these cases, a manual interpretation of app databases is necessary, as practised in this extraordinary training. Targeted database queries using SQL also make it possible to quickly find specific information in large amounts of data.

This training is aimed at forensic professionals with experience in extracting and analysing mobile devices with Cellebrite UFED, MSAB XRY or similar toolkits. It teaches participants how to analyse databases to obtain evidence from unsupported apps, how to use SQL to handle large amounts of data, and methods of recovering deleted data.

The training includes:

  • Exercises with solutions (smartphone dumps)
  • Exams
  • Certificates
  • Participant guide with detailed description of all training content (includes step-by-step instructions and examples)

Contents:

The training contents are continuously updated, therefore we ask you to contact us if you are interested in this training to ensure that you are up-to-date.

L2B.1 Introduction to databases
  • Motivation: databases in mobile devices
  • “Why SQLite forensics is a necessary skill & remains so in the future.”
L2B.2 Database Basics
  • Functionality of databases, especially SQLite
  • Important data types & functions
  • SQLite databases in different toolkits
L2B.3 SQL Workshop
  • Motivation
  • Basic queries
  • Advanced features
  • Joins
  • Practical exercises throughout the whole module
L2B.4 Recovering deleted data
  • Internal functions of SQLite
  • Sources of deleted data
  • Pragmas
  • Tools for recovering deleted data
L2B.5 SQLite Analysis in practice
  • Cellebrite SQLite Wizard
  • Oxygen Forensic SQLite Viewer
  • MSAB XRY
  • MAGNET Axiom
  • Sanderson Forensics Browser/Explorer
  • Validation of data
  • Practical exercises throughout the whole module

The training contents can be adapted to your personal requirements.

If you have further questions, feel free to contact us: office@t3k-forensics.com or +43 1 929 15 91 – 60.

Mobile Phone Extractions & Analysis Training

Learn the basics of mobile forensics – tool-independent & precise knowledge for daily work

Advanced Smartphone Forensics Training

Unlocking, advanced extraction methods and other skills beyond toolkit capabilities

SQLite Forensics for Smartphones

Get additional information from databases & retrieve deleted data