Using SQLite Gaps to Recover More Data in Digital Investigations
Special Guests: Ian Whiffin – Sr. Digital Intelligence Expert, R&D at Cellebrite and Shafik Punja – Digital Forensic Examiner/Analyst
In this episode, we are joined by Ian Whiffin, a senior digital intelligence expert at Cellebrite, and Shafik Punja, a digital forensics examiner and analyst. They will be discussing SQLite and how to use it effectively during digital investigations.
What is SQLite?
SQLite is a portable, lightweight relational database management system. It is simple to install, powerful, and fast, and its features make it appealing to a wide variety of applications across device sectors. Instead of being a client-server database, SQLite is embedded into the end program.
Where is SQLite Used?
Because it is so inexpensive and easy to learn, SQLite is found on computers, websites, mobile devices, smart TVs, refrigerators, and in many cases, on vehicles.
- SQLite database files carry a variety of extensions, which you can encounter across many different types of file systems. There are at least six different variants, and some files have no extension at all.
- Regardless of which application is used to view the SQLite database, you should typically see a list of tables, headers, columns/fields, and rows.
- An important thing to keep in mind is the use of “journal files,” which keep track of the changes being made to a database.
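
Because the extension is not a reliable indicator, an examiner can identify a SQLite database by its content and check for journal files next to it. The following is an added example, not material from the episode: it reads the 100-byte database header defined in the SQLite file format and looks for the `-journal`, `-wal` and `-shm` companion files. The function names, file names and sample data are constructed for illustration.

```python
import os, sqlite3, struct, tempfile

MAGIC = b"SQLite format 3\x00"            # first 16 bytes of every SQLite 3 database
SIDECARS = ("-journal", "-wal", "-shm")   # rollback journal, write-ahead log, WAL index

def inspect_sqlite(path):
    """Identify a SQLite file by content and return header facts, else None."""
    with open(path, "rb") as fh:
        hdr = fh.read(100)                # the database header is 100 bytes
    if len(hdr) < 100 or hdr[:16] != MAGIC:
        return None
    page_size, write_ver = struct.unpack(">HB", hdr[16:19])
    freelist_pages = struct.unpack(">I", hdr[36:40])[0]
    return {
        "page_size": 65536 if page_size == 1 else page_size,
        "wal_mode": write_ver == 2,       # 1 = rollback journal, 2 = WAL
        "freelist_pages": freelist_pages, # unused pages that may hold old records
        "sidecars": [s for s in SIDECARS if os.path.exists(path + s)],
    }

def demo():
    """Build constructed sample files in a temp dir and inspect them."""
    with tempfile.TemporaryDirectory() as tmp:
        db = os.path.join(tmp, "store")   # constructed name, no extension
        con = sqlite3.connect(db, isolation_level=None)  # autocommit
        con.execute("PRAGMA page_size=4096")
        con.execute("PRAGMA auto_vacuum=NONE")
        con.execute("CREATE TABLE msgs(body BLOB)")
        con.execute("INSERT INTO msgs VALUES (zeroblob(100000))")
        con.execute("DROP TABLE msgs")    # its pages move to the freelist
        con.execute("PRAGMA journal_mode=WAL")
        con.execute("CREATE TABLE notes(txt TEXT)")  # written to the -wal file
        found = inspect_sqlite(db)        # inspect while the WAL still exists
        con.close()
        decoy = os.path.join(tmp, "decoy.db")  # .db name, but not SQLite
        with open(decoy, "wb") as fh:
            fh.write(b"x" * 200)
        return found, inspect_sqlite(decoy)

if __name__ == "__main__":
    print(demo())
```

In WAL mode the main file's header can lag behind changes still held in the `-wal` file, so the companion files should be collected together with the database.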
Listen to the full episode to learn more about SQLite records analysis.