Have you ever needed to create a report from an SQLite database that is not supported by your current forensic tools, or found that your current forensic tool only supplies a subset of the data? Have you looked at an SQLite database and been frustrated that a date column is displayed as just a string of user-unfriendly digits? Would you like to look at a blob field as a picture rather than just see "blob" displayed in the field? Would you like to create a PDF report with just a few columns in a particular order from certain users sorted by a date field? Would you like to do this just using drag and drop and your mouse?
Forensic Browser for SQLite allows you (all without typing a single SQL query) to:
- Automatically recover deleted and partial records from DBs and associated journals/WALs
- Remove duplicate records if required
- Identify multiple previous database states from DBs with WAL files
- Break down complex Binary Plist and Facebook orca2 blobs and perform queries on resulting data
- Perform a simple visual select on some or all of the fields in a table
- Perform more complex visual joins on multiple tables
- Add groups, aliases and where clauses if required
- View the resulting SQL select commands of the above
- See the resulting table in a grid form and further sort and filter results
- Convert numbers to dates (Unix10/13, Windows 64 bit, NSDate/Chrome, Mac absolute and more)
- Find and display pictures in blobs (JPG, PNG, GIF, TIF etc.)
- Import pictures held in the file system to associate and display in a query/report
- Display a number as meaningful text (sent/received/draft etc.)
- Display latitude and longitude fields on a map
- Export a selected blob or all blobs in DB to a file
- Build and integrate custom extensions
- See the hex that relates to a particular record and identify exactly where in a DB/journal/WAL the record comes from
- See hex view of blobs
- Decode a binary plist stored as a blob
- Decode base64 encoded text/data
- Choose which columns you want to see in the grid/report
- Iteratively go back and modify your SQL if the results are not as expected
- Highlight SQL errors if you choose to create queries by hand (no errors if you use the drag and drop visual query designer)
- Preview a report with custom headers/footers/formatting
- Print the report to an HTML/XLSX/CSV/PDF and save your SQL query with the report
- Unicode support
- Add different formats for dates and times in individual fields
- On-the-fly timezone adjustments
- Find and review all SQLite databases in a folder structure
- Translate iOS backup folder names
- Maintain a query history that you can revisit
- Provide a case manager for often-used queries that you can share between users
- Attach and query across multiple databases
- Maintain a case log of actions
and lots more...
I have written browser extensions to:
- Extract and display the images (attachments) for the Kik messenger stored in external binary plists
- Convert Facebook geolocation fields so that the browser can display a map of where a message was sent
- Decode Tango messenger base64 encoded message structures
- Import downloaded pictures saved with BlackBerry Messenger on iOS
- View the content of the Google Chrome Cache files
- Decode the usernames and IP addresses from Skype ChatSync files
More at:
https://sandersonforensics.com/forum/content.php?198-Forensic-Browser-for-SQLite