In this article I will take you step by step through the process of creating a custom, but simple, report on a Kik messenger database using the Forensic Browser for SQLite.
As we work through the process we will chose … Read more
PaulSanderson
Forensic Browser for SQLite – basic joins, pictures and filtering data
In this article I cover a few of the areas where the Forensic Browser for SQLite provides features that are missing in other browsers or where it complements other more generic forensic software by providing features that are specific to … Read more
SQLite – Recovering deleted and partial records
In this article I want to discuss how we can recover deleted records from an SQLite database, or rather how we can recover all records and distinguish between those that are live in the DB and those that are found … Read more
Investigating the new Skype media_cache with the Forensic Browser for SQLite
Skype recently introduced cloud based operation and started moving away from peer-to-peer messaging with a view, to paraphrase Skype, of improving the service that we receive.
The move has had the effect of introducing a new set of artefacts and … Read more
Forensic examination of SQLite Write Ahead Log (WAL) files
I am sure that you are aware that when an SQLite database is opened if there is an associated WAL (Write Ahead Log) file then the pages in this WAL are automatically written to the main database, thus overwriting records, … Read more
Dealing With Records Found in SQLite Rollback Journals
Sanderson Forensics was recently contacted by a customer at a police force with a question relating to deleted SQLite records that were found in a rollback journal. The requirement was to create a report(s) showing both the live records in … Read more
Using the Forensic Browser for SQLite to examine ANY SQLite database
We all know that SQLite has become pervasive and is common on pretty much every investigation we do and we often rely on your Swiss army knife type tools to produce reports on all of the databases found in an … Read more
Reconnoitre – Link files, geolocation and C4P
Since Reconnoitre was released in January this year there have been a number of enhancements driven by requests from our users including link file support, EXIF and geolocation support, features to query C4P hash servers and advanced reporting.
Of course … Read more
Reconnoitre from Sanderson Forensics updated
Sanderson Forensics are pleased to announce an update to our most recent software tool Reconnoitre.
Reconnoitre allows the forensic investigator to quickly and easily investigate images containing volume shadow copies, without the need to run VSSAdmin.
This latest version … Read more
Reconnoitre Released by Sanderson Forensics
Sanderson Forensics are pleased to announce the release of Reconnoitre.
Reconnoitre is a forensic application designed to make working with files within a Volume Shadow Copy as easy as working with a file in any image. Simply:
1. Create … Read more