Mobile devices dominate the intake list and the desks of most digital forensics analysts globally. With an increase in device security, the need for detailed analysis is also increasing. SQLite is a self-contained, serverless database engine. It is found on nearly every operating system and dominates iOS, Android, and macOS as one of the most prevalent and relevant data storage mechanisms. Rather than hope our forensic tools support the newest applications or be tethered to how a certain utility parses data, analysts can arm themselves with the skills and techniques needed to conquer the analysis of nearly any application. In this course, participants will learn how to complete the following:
- Define SQLite and how to identify and analyze logically.
- Recognize relevant locations of valuable data within a SQLite database.
- Develop skills needed for crafting custom SQLite queries.
- Recognize and decode a variety of common timestamp formats.
- Perform SQLite analysis with automation.