In this short article I go through a whirlwind tour of some of the features of The Browser showing the results on different databases, it briefly covers: Once a query has been created it can be saved for future use or shared with other users.
Sqlite browser filter range generator#
In simple terms The Forensic Browser for SQLite is a visual, Drag and Drop, SQL query generator that allows a user to examine every column and row in every table in any database and produce custom compound reports across multiple tables. The Forensic Browser for SQLite was written to address all these issues. We really need a tool that will allow us to create a nicely formatted custom report on just those tables and columns that we want, restricting the report, if required, to just certain users/rows and on databases that we may never have seen before. There are literally millions of apps that use SQLite as storage on both phones and desktop and as mentioned above these apps usually have a changing DB structure and contain masses of data. A tool that produces a nice simple report cannot possibly extract all of the relevant data from these columns – if we don’t look at them all how do we know that we are not missing crucial evidence? For instance the Skype contacts table contains (when I last counted) 98 different columns. Some tables are huge, and by that I mean contain lots of data well beyond the ability of a generic tool to display in a nicely formatted report. New tables and fields are added to databases all the time and although a tool might produce what looks like a comprehensive report, without looking further we don’t know what we are missing! Is our tool extracting all the relevant information for our case? (very often not).What do we do if our tool doesn’t support that DB? (there are lots).What happens if the database schema has changed? (this happens regularly).This might be OK, but we are potentially missing a whole host of evidence. We quite often usually leave the investigation there and look no further.
We all know that SQLite has become pervasive and is common on pretty much every investigation we do and we often rely on your Swiss army knife type tools to produce reports on the supported databases found in an image.
0 kommentar(er)
