Mobile devices dominate the intake list and the desks of most digital forensics analysts globally. Devices are becoming more secure, with an increase in security; the need for detailed analysis is increasing as well. SQLite is a self-contained, serverless database engine. It is found on nearly every operating system and dominates iOS, Android, and macOS as one of the most prevalent and relevant data storage mechanisms. Rather than hope our forensic tools support the newest applications or be tethered to how a certain utility parses data, we can arm ourselves with the skills and techniques needed to conquer the analysis of nearly any application.
Students will learn how to:
- Identify and logically analyze SQLite.
- Recognize relevant locations of valuable data within SQLite databases.
- Develop skills needed for crafting custom SQLite queries.
- Recognize and decode a variety of common timestamp formats.
- Perform SQLite analysis with automation.