Notifications
Clear all
General (Technical, Procedural, Software, Hardware etc.)
1
Posts
1
Users
0
Likes
810
Views
Topic starter
Hello all,
I am analyzing an APFS formatted physical forensic image of a MacBook.
There are several juicy SQLite database files located at /Users/"UserName"/Library/Group Containers/#########.Office/Outlook
Outlook.sqlite
Outlook.sqlite.shm
Outlook.sqlite-wal
Outlook.sqlite.bak
However, the SQLite files appear to be encrypted as I cannot extract text nor open these files using multiple different forensic tools.
** Are these files all encrypted? If so, any clues on how to decrypt or if decryption is even possible??
Posted : 20/09/2018 11:25 pm