Sanderson Forensics - Forensic Browser extensions

Forensic Browser extensions
ESE/EDB/JetBlue Database extension for the Forensic Browser

by
Paul

View Profile

View Forum Posts

Private Message

View Blog Entries

View Articles

Number of Views: 8907

Forensic Browser for SQLite – ESE extension

ESE, Extensible Storage Engine or Jet Blue databases as I am sure most are aware are a proprietary database format used extensively by Microsoft both on Windows phones and Windows computers. They are used in many applications including Exchange, Internet Explorer, Active Directory and Cortana. While there are a few different applications that allow you to view the content of the database there is nothing to my knowledge that allows you to perform queries and joins on the different tables using SQL, ...

Read More
Skype media cache

by
Paul

View Profile

View Forum Posts

Private Message

View Blog Entries

View Articles

Published on 19th May 2015 15:37 Number of Views: 9960

This extension is based on an article I wrote a few weeks ago, so I won't go over it now but rather point you to the extensive information within that article: ...

Read More
Tango blob decoder

by
Paul

View Profile

View Forum Posts

Private Message

View Blog Entries

View Articles

Published on 19th May 2015 14:48 Number of Views: 8191

The Tango messenging application stores its message data in the payload column as blobs within the messages table, further these blobs are base 64 encoded. User data is also encoded in the profilescache.db database.
...

Read More
Facebook orca2.db blob decoder

by
Paul

View Profile

View Forum Posts

Private Message

View Blog Entries

View Articles

Published on 17th May 2015 16:10 Number of Views: 12262

The FaceBook orca extension has now been replaced by a built in feature of the Forensic Browser - more information here.

Under IOS Facebook store the content of messages in compound structure within ...

Read More
Kik binary plist decoder

by
Paul

View Profile

View Forum Posts

Private Message

View Blog Entries

View Articles

Published on 16th May 2015 16:29 Number of Views: 9304

Kik on IOS devices stores attachments/pictures which are sent with messages in binary PLists external to the SQLite database. Clearly when creating a report it would be useful to display any pictures alongside the message to which they belong. This extension ...

Read More
Skype ChatSync extension

by
Paul

View Profile

View Forum Posts

Private Message

View Blog Entries

View Articles

Published on 26th February 2015 16:40 Number of Views: 6487

This Forensic Browser extension parses all of the files in the Skype ChatSync folder extracting usernames and associated Lan and Wan IP adresses. With an appropriate third party ipinfodb account IP addresses can ...

Read More

Forensic Browser extensions

ESE/EDB/JetBlue Database extension for the Forensic Browser

Skype media cache

Tango blob decoder

Facebook orca2.db blob decoder

Kik binary plist decoder

Skype ChatSync extension

Navigation

Recent Articles