You will learn how to decode deleted data manually and how to decode records that are partially overwritten. The binary tree structure is also covered in detail (root, leaf). You will find the format of the SQLite database and, more importantly, of the associated journal and Write-Ahead Logs (WAL), described in great detail. Examining all of the data held in these databases is really important in an investigation, and of course this includes examining deleted data whenever possible. Each computer or phone using SQLite often has hundreds of SQLite databases. You can now find SQLite databases on every smartphone you are going to analyze (iOS and Android), but also on Linux, Mac and Windows computers. If you are a forensic practitioner, you will need this book, and you will keep it for as long as SQLite databases are used in phone and computer forensics.