SQLite Forensics Book, now available on Amazon

More information here


Most Popular Blogs

  1. Police boot suspects computer.....

    A post on one of the computer forensics forums in relation to computer forensics standards and specifically about a non computer forensics officer switching on a device that is currently switched off has got me thinking. First off I didn’t see the program (I understand it was in relation to the occupants of a car stopped in for questioning in respect to drug related matters) so can't comment specifically, but that aside, are we a little over paranoid about computer evidence and the affect that such ...
    General Articles
  2. SQLite Recovery

    Many recent applications and even operating systems, particularly on mobile phones, have embraced the SQLite database as a standard. This means that as forensic investigators we need to be able to find and parse these databases as part of almost every case.

    While there are tools that can examine specific SQLite databases such as SkypeAlyzer and NetAnalysis and these tools provide functionality to parse databases to look for deleted records and carve records from unallocated space. ...
  3. Sanderson SQLite Forensic Toolkit on a Mac OS X using CrossOver

    This article is related to running Sanderson SQLite Forensic Toolkit on a Mac OS X system. I apologize in advance for the lengthy read but please take the time to read everything and understand the concepts. I had to peruse the CrossOver wiki and support areas in order to understand what needed to be accomplished for unsupported applications to work.

    Thanks to Paul Sanderson for encouraging me to put together this article.

    Disclaimer: I am not affiliated with either ...
    Attached Thumbnails Attached Images    
  4. SQLite Database Forensics – ‘Sleep Cycle’ Case Study

    SQLite databases are becoming more and more of a focus point for the present day Digital Forensics Specialist, with the increase of applications available on the app store providing a gold mine for digital evidence waiting to be discovered. Commercial forensic software companies are rapidly expanding their research and development departments, which are under constant pressure to keep up with the reverse engineering of applications on the market and despite their best efforts, this is not feasible. ...

    Updated 25th March 2015 at 23:01 by DCS

    Tags: sqlite Add / Edit Tags
    Attached Thumbnails Attached Images  
  5. Securely wiping a hard disk versus destroying it.

    I have just spent considerable amount of time and money destroying some old hard disk drives that have contained indecent images of children from past investigations. This has got me thinking again as to whether secure destruction, be that shredding, hammering a six inch nail through them, degaussing or simple lump hammer therapy is an appropriate way to destroy the data on the drive especially given the cost of the drives and the potential for re-use. We are now a green(ish) society after all. ...
Page 1 of 2 12 LastLast