“Epilog” SQLite forensic tool now available

by

Researchers at CCL-Forensics have taken a significant step forward in their analysis of SQLite databases, which are extensively used by many computers, web browsers, mobile phones and SatNavs. The latest development within epilog allows investigators to reinstate these databases to a point where the deleted data becomes live once again, and therefore available for forensic analysis. It essentially restores the deleted content back into the database…This additional functionality is now being made available to forensic community – a free trial version is available at www.ccl-forensics.com/epilog.

Amongst other uses, it can recover deleted data from Safari and Chrome browsers, iPhones and iPads (including SMS, email and calendar) and Android (SMS, call logs, calendars, address book and others).

Features of epilog:

• epilog presents deleted data contained in SQLite databases
• epilog uses 3 different algorithms in order to recover and rebuild deleted records
• epilog analyses SQLite data recovered records and matches them to a table in the live database files
• epilog works on live and deleted database files, the temporary “journal files” which are generated during a database operation and across a disc image or hex dump
• epilog enables the user to save a single field to file, or batch export multiple “blob” (binary objects) fields from the recovered records for further analysis
• epilog allows the user to generate “Insert Statements” from recovered records in order to facilitate the restoration of deleted records into a live database

Many ‘off-the-shelf’ tools can be used to view the live records in the SQLite database, but it is the deleted data which Epilog extracts that could prove pivotal in an investigation.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

For example, in a recent case handled by CCL-Forensics, Epilog recovered and presented nearly 5000 entries from a smartphone’s web cache, where there were only 400 live (visible) entries.

Investigators can download a trial version of Epilog for a free evaluation at www.ccl-forensics.com/epilog, where further information about the tool can also be found.

Epilog is the first in a series of digital forensic developments created by the Research and Development team at CCL-Forensics. More tools will be made available over the coming months.

For more information, please email epilog@ccl-forensics.com.

Leave a Comment

Latest Videos

Forensic Focus

Forensic Focus
Rich Frawley, Director of Training at ADF Solutions, presents on the main features of DEI PRO for investigating computer and mobile devices from collection to reporting within the forensic software tool.

Rich Frawley, Director of Training at ADF Solutions, presents on the main features of DEI PRO for investigating computer and mobile devices from collection to reporting within the forensic software tool.

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_xVfiOJm_tCk

Intro To DEI PRO: Assessing All Devices In A Timely Manner

Forensic Focus 28th September 2023 11:00 am

Ryan joins Si and Desi to discuss his research into SS7 hacking and cell phone tracking. As someone passionate about radio technology, Ryan became interested in cell networking and eventually discovered he could intercept calls and texts by building fake cell towers. He learned that phone users have virtually no ability to opt out of their locations and identifiers being commercially available via simple API calls. Ryan hopes to put this knowledge to good use by developing a system to warn domestic abuse shelters if an offender's phone is near by tracking SS7 data. During the technical discussion, Ryan demonstrates querying an API with his own phone number to retrieve subscriber data and location. The hosts consider how individuals could possibly protect themselves from SS7 exploits, such as avoiding SMS authentication. They also discuss Ryan's other projects exploring radio hacking tools and a magazine shining light on digital counterculture topics. 00:00 - Introducing Ryan 01:30 - What is SS7? 05:00 - SS7 attacks 08:05 - Research pathway 14:50 - Ryan's talk at BSides 16:20 - Using data to combat domestic abuse 30:00 - Protection from tracking 36:30 - Ryan's projects 44:15 - HVCK Magazine

Ryan joins Si and Desi to discuss his research into SS7 hacking and cell phone tracking. As someone passionate about radio technology, Ryan became interested in cell networking and eventually discovered he could intercept calls and texts by building fake cell towers. He learned that phone users have virtually no ability to opt out of their locations and identifiers being commercially available via simple API calls. Ryan hopes to put this knowledge to good use by developing a system to warn domestic abuse shelters if an offender's phone is near by tracking SS7 data.

During the technical discussion, Ryan demonstrates querying an API with his own phone number to retrieve subscriber data and location. The hosts consider how individuals could possibly protect themselves from SS7 exploits, such as avoiding SMS authentication. They also discuss Ryan's other projects exploring radio hacking tools and a magazine shining light on digital counterculture topics.

00:00 - Introducing Ryan

01:30 - What is SS7?

05:00 - SS7 attacks

08:05 - Research pathway

14:50 - Ryan's talk at BSides

16:20 - Using data to combat domestic abuse

30:00 - Protection from tracking

36:30 - Ryan's projects

44:15 - HVCK Magazine

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_quPJpAjyDZA

Cell Phone Tracking And SS7 - Hacking Security Vulnerabilities To Save Lives

Forensic Focus 25th September 2023 10:29 am

Ryan from Oxygen Forensics discusses how to use Oxygen's Android agent to collect Google Chrome data as a third party app on Android devices.

Ryan from Oxygen Forensics discusses how to use Oxygen's Android agent to collect Google Chrome data as a third party app on Android devices.

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_gNyq_7llqLA

Extracting Google Chrome Using Android Agent

Forensic Focus 22nd September 2023 3:07 pm

Load More... Subscribe
This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Samuel Grater, Digital Forensic Examiner, Surrey Police
Interviews

Samuel Grater, Digital Forensic Examiner, Surrey Police

ByForensic FocusOct 4, 2023
Register For The Webinar: The Complete Workflow For Video Analysis In Amped FIVE
News

Register For The Webinar: The Complete Workflow For Video Analysis In Amped FIVE

ByAmpedSoftwareOct 3, 2023
Forensic Data Collections 2.0 – A Selection Of Trusted Digital Forensics Content
Reviews

Forensic Data Collections 2.0 – A Selection Of Trusted Digital Forensics Content

ByForensic FocusOct 2, 2023
Forensic Focus Digest, September 29 2023
News

Forensic Focus Digest, September 29 2023

ByForensic FocusSep 29, 2023
Digital Forensics Round-Up, September 28 2023
News

Digital Forensics Round-Up, September 28 2023

ByForensic FocusSep 28, 2023
Advance Your Investigations With ADF Solutions’ Enhanced Screen Recording And Streamlined Features
News

Advance Your Investigations With ADF Solutions’ Enhanced Screen Recording And Streamlined Features

ByadfsolutionsSep 28, 2023