Mobile devices dominate the intake list and the desks of most digital forensics analysts globally. Devices are becoming more secure. With an increase in security, the need for detailed analysis is increasing as well. SQLite is a self-contained, serverless database engine. It is found on nearly every operating system and dominates iOS, Android, and macOS as one of the most prevalent and relevant data storage mechanisms. Rather than hope our forensic tools support the newest applications or be tethered to how a certain utility parses data, we can arm ourselves with the skills and techniques needed to conquer the analysis of nearly any application. This course will cover the following topics:
- Defining SQLite and learning how to identify and analyze it logically.
- Recognizing relevant locations of valuable data within a SQLite database.
- Developing skills needed for crafting custom SQLite queries.
- Learning how to recognize and decode a variety of common timestamp formats.
- Learning how to perform SQLite analysis with automation.