Recovered Deleted iMessages - No contact names?

PaulSanderson
(@paulsanderson)

Thanks also John

I have recently uploaded one more blog post regarding processing WAL files.

I know some people advocate a technique (for those without access to forensic software) which involves investigating the database both with the WAL file present and after deleting/renaming the WAL file.

This technique is very dangerous and gives a false sense of security. There are usually many copies of the same database page in a WAL with each page being a different revision history. Using the technique proposed will only get the last version of a given page (in the DB) from before the WAL was created and the most recent version of the page from the WAL - all previous copies of this page will be missed.

The article at the link below explains in basic terms how WALs work and gives a step-by-step example (that you can try with something like the Firefox plugin) that shows how to create a very simple test DB, delete a record and then show how, and why, the delete/rename technique does not work and should be avoided if at all possible.

I hope you find it interesting.

http://sandersonforensics.com/forum/content.php?275-How-NOT-to-examine-SQLite-WAL-files


   
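The point made in the post above can be reproduced with a short script; this is an added example, not code from the post or from the linked article. It builds a constructed test database, rewrites one row several times, then walks the WAL frame by frame to list every stored revision of each page. The function names and the `msg` table are assumptions, and frame checksums are not verified.

```python
import os, sqlite3, struct, tempfile
from collections import defaultdict

WAL_MAGICS = (0x377F0682, 0x377F0683)

def wal_page_revisions(wal):
    """Map page number -> list of page images, one per WAL frame, oldest first."""
    magic, _version, page_size, _seq, salt1, salt2 = struct.unpack(">6I", wal[:24])
    if magic not in WAL_MAGICS:
        raise ValueError("not a SQLite WAL file")
    revisions = defaultdict(list)
    offset = 32                                   # frames follow the 32-byte WAL header
    while offset + 24 + page_size <= len(wal):
        page_no, _db_size, f_salt1, f_salt2 = struct.unpack(">4I", wal[offset:offset + 16])
        if (f_salt1, f_salt2) != (salt1, salt2):
            break                                 # stale frame from an earlier WAL generation
        revisions[page_no].append(wal[offset + 24:offset + 24 + page_size])
        offset += 24 + page_size
    return revisions

def build_test_wal(updates=5):
    """Constructed sample: one row rewritten `updates` times, WAL left uncheckpointed."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "test.db")
        con = sqlite3.connect(path, isolation_level=None)   # autocommit: one commit per statement
        con.execute("PRAGMA journal_mode=WAL")
        con.execute("CREATE TABLE msg (id INTEGER PRIMARY KEY, body TEXT)")
        con.execute("INSERT INTO msg VALUES (1, 'original')")
        for n in range(updates):
            con.execute("UPDATE msg SET body = ? WHERE id = 1", (f"revision-{n}",))
        with open(path + "-wal", "rb") as fh:     # read before close() checkpoints the WAL
            wal = fh.read()
        live = con.execute("SELECT body FROM msg").fetchone()[0]
        con.close()
    return wal, live

def recovered_bodies(wal, updates=5):
    """Every constructed body value that still exists in some WAL frame."""
    candidates = ["original"] + [f"revision-{n}" for n in range(updates)]
    frames = [img for imgs in wal_page_revisions(wal).values() for img in imgs]
    return [c for c in candidates if any(c.encode() in img for img in frames)]

if __name__ == "__main__":
    wal, live = build_test_wal()
    for page_no, images in sorted(wal_page_revisions(wal).items()):
        print(f"page {page_no}: {len(images)} revisions in WAL")
    print("live query returns:", live)
    print("values present in WAL frames:", recovered_bodies(wal))
```

A normal query only ever returns the newest value, while the frame walk finds every intermediate one.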