SQLite Recovery is a forensic tool to aid in the recovery of SQLite databases, tables and records. SQLite Recovery can search a disk, volume, image or file for deleted SQLite databases.
The output of SQLite Recovery is individual sqlite databases that can be investigated with other forensic software such as SkypeAlyzer.
|UPDATE SQlite Recovery can now keyword search on multiple keywords across ALL carved sqlite tables simultaneously irrespective of the table schema.|
SQLite Recovery is only available as part of the SQLite Forensic Toolkit.
A demo version can be downloaded here.
A short video showing the basic operation of SQLite Recovery is available below:
A video showing SQLite Recoveries facilities to search multiple carved databases irrespective of the table schemas is at this link:
SQLite Recovery is template based and can recover databases from templates created by the user (which can also be shared amongst users). The process of creating templates is very straight forward and in a lot of cases is just point and click.
However SQLite Recovery can also optionally identify deleted database schemas and create & extract records from databases that the investigator has not specified via a template. These databases are grouped together and displayed for the investigator to determine relevance to their investigation.
The recovered SQLite tables are displayed to the user in a multiple grids and advanced filters are provided that will allow the user to manually "clean up" any corrupt or non-valid records in the recovered databases by deleting records, including all duplicate records.
Advanced filtering functions are provided to allow the investigator to identify valid or invalid records
As a forensic tool SQLite records the location of each recovered database row.