SQLite Forensics Fundamentals
This course will give participants an understanding of SQLite, how data is stored and the skills necessary to create queries to extract, interpret and present information in a meaningful manner. This includes translating dates and times and querying information stored in multiple tables to create a more robust report.
Specialist level
Introduction
This module will introduce you to the SQLite Database and how it has been implemented by the applications that we use on a daily basis.
SQLite Database Structures
This module will give you a basic understanding of the main database file. We will decode the database using information from the file header and explore b-tree page structures at a hex level.
SQLite Querying Language
This module will provide you with the knowledge to construct queries to extract, interpret and create more robust reports from multiple database tables.
Exercises on SQLite Databases
Using the skills learnt in previous modules, we will decode and interrogate the Microsoft Edge Chromium and Mozilla Thunderbird SQLite databases.
SQLite Journal Files
This module is an introduction to rollback journals and write-ahead logs. We will discuss how journaling works, journal file structures and some forensic considerations when dealing with these types of files.
SQLite Database Schema
This module provides an understanding of the database schema. We will explore the sqlite_master table to look at tables and the data types they can hold. We will also discuss indexes, triggers and views and how they can be useful during an examination.