SQLite Forensics Fundamentals16 Hours / 2-Day
This course will give participants an understanding of SQLite, how data is stored and the skills necessary to create queries to extract, interpret and present information in a meaningful manner. This includes translating dates and times and querying information stored in multiple tables to create a more robust report.
- This module will introduce you to the SQLite Database and how it has been implemented by the applications that we use on a daily basis.
SQLite Database Structures
- This module will give you a basic understanding of the main database file. We will decode the database using information from the file header and explore b-tree page structures at a hex level.
SQLite Querying Language
- This module will provide you with the knowledge to construct queries to extract, interpret and create more robust reports from multiple database tables.
Exercises on SQLite Databases
Using the skills learnt in previous modules we will decode and interrogate the Microsoft Edge Chromium and Mozilla Thunderbird SQLitedatabases.
SQLite Journal Files
This module is an introduction to Rollback Journals and Write-ahead logs. We will discuss how journaling works, journal file structures and some forensic considerations when dealing with these type of files.
SQLite Database Schema
This module provides an understanding of the database schema. We will explore the sqlite_master table to look at tables and the data types they can hold. We will also discuss indexes, triggers and views and how they can be useful during an examination.
- 16hrs of Instruction
- Course Manual
- Practical Files
- Attendance Certificate
To get the most out of this class, you should:
- Have 6 months of experience in forensic examinations.
Download the Syllabus
Download a printable copy of the course description and key learning points.
If you are interested in hosting this, or any of our courses at your facility, contact us.