Learn to use various applications and utilities to successfully identify, process, understand and exploit numerous database structures found on iOS, Android, Windows and Apple systems.

Students will gain knowledge in how relational databases function in the storage of records and fields of information to support a front-end application.  SQLite will be covered in great detail where the attendee will learn how to recover deleted information from Free Pages and unallocated space within the primary and journal files using scripting techniques.  Additional databases will then be examined including ESE, MS Compound, UAV Data-files, and Binary Plists.

Students will examine data from a host of systems including: Mac, Windows, Android, iPhone.

• Discuss relational database principles
• Learn how to create a simple relational database
  • Build tables
  • Associate field types to table columns
  • Add records to tables
  • Create relationships between tables.

• Examine the internal structures of an SQLite database
• Learn how B-tree pages work in SQLite
• Discuss page structures
  • Define Page Header
  • Learning how to interpret Cell Pointer Array
  • Examine unallocated Space
  • Map Cell Content Area
  • Explore Freeblocks
• Discuss recovering records from page freeblocks
• Discuss recovering records from page unallocated space.

• Learn how overflow pages are used by the database
  • Explore page structure
• Learn how to identify freelist pages in a database
  • Explore freelist truck page structure
• Exercises in the recovery of deleted pages in the primary database
• Learn how rollback journaling works
• Explore the rollback journal file structure
  • Rollback journal header
  • Page structure
• Discuss Forensic recovery considerations

• Discuss the Extensible Storage Engine Data base structure
• Review typical implementation of the ESE data files
  • Windows Mail
  • Outlook
  • File History
  • Windows Search database
• Learn how data is added to this database and how data is deleted
• Discuss data recovery techniques
• Exercises in the analysis of the Windows Search database
• Exercises in the analysis of the Windows 10 Mail unistore database

• Introduction to Regular Expressions
• Creating Simple Expressions
• Exercises in RegEx pattern searching
• Using RegEx in PowerShell to exploit data
• Exercises in carve ISS logs using PowerShell and RegEx

• Explorer other databases commonly found on Apple and Microsoft systems
  • Registry structures
  • Binary PLists
  • MS Compound data files
• Examine data structures pertaining to UAV (Drone) activity
  • Examine Flight Logs
  • Synchronization logs
  • Bespoke cached data files from cloud-based synchronization
• Exercises in the examination of data files on Windows, Apple and android 

• Selfpaced examaintion of various databases