The Forensic Toolkit for SQLite (software and USB hardware protected versions) can be purchased - here
|For corporate or law enforcement investigators a fully functional demo licence for the Forensic Toolkit for SQLite can be obtained by clicking here and providing your official email address, full name and position within your organisation|
Forensic Browser for SQLite
Have you ever needed to create a report from an SQLite database that is not supported by your current forensic tools, or your current forensic tool only supplies a subset of the data? Have you looked at an SQLite database and been frustrated that a date column is displayed as just a string of user unfriendly digits? Would you like to look at a blob field as a picture rather than just see "blob" displayed in the field? Would you like to create a PDF report with just a few columns in a particular order from certain users sorted by a date field? Would you like to do this just using drag and drop and your mouse?
Forensic Browser for SQLite allows you (all without typing a single sql query) to:
- Perform a simple select on some or all of the fields in a table
- Automatically recover deleted & partial records from the DB and associated journal/wal
- Perform more complex visual joins (drag and drop) on multiple tables
- Add groups, aliases and where clauses if required
- Choose which columns to sort on
- View the resulting SQL select commands of the above
- Search every row in every table for multiple keywords
- Add and display a map corresponding to latitude and longitude columns in a table
- See the resulting table in a grid form
- Alternate display for user specified fields (display a numeric field as a Unix date etc.)
- Display a blob as a picture
- Display a blob as a decoded binary plist
- Extract all blobs for review with other tools
- Choose which columns you want to see in the grid/report
- Iteratively go back and modify your SQL if the results are not as expected
- Preview a report with custom headers/footers/formatting
- Print the report to a printer/PDF
- Unicode support
- Write plugins/extensions to decode or display additional data (such as encoded data stored as a blob, or import pictures stored external to a database)
More information can be found at the Forensic Browser for SQLite web page
SQLite Recovery is an advanced carving tool that is template based and can recover live and deleted SQLite databases from disk images (including unallocated space). Although this application is template based it can also automatically identify deleted databases and recover the content of these databases for further investigation (and to add them to the known templates list).
SQLite Recovery allows the user to add constraints to a template to help reduce the occurence of spurious records.
More information on SQLite Recovery here
SQLite Forensic Explorer
Ever wondered what the SQlite authors mean when they talk about B-Trees, pages and WAL files? SQLite Forensic Explorer provides an unprecedented low level view on the workings of an SQLite database or Write Ahead Log (WAL) file. SQLite Forensic Explorer allows the investigator to see exactly what each byte means, identify unusued space and recover deleted records.
More information is available at the SQLite Forensic Explorer page, here