The popular database format SQLite is used in a variety of mobile devices and computers for data storage. Among others, well-known browsers such as Google Chrome, Mozilla Firefox and Opera, as well as apps like WhatsApp and Skype store their data in this database format.

SQLite in Mobile Forensics

In Mobile Forensics, the detailed analysis of databases plays an important role. Due to their features, SQLite databases are used in all mobile operating systems. Apps often store information directly in these databases, so they can contain important case data. Forensic toolkits decode databases automatically and display them in a structured way, however depending on the toolkit, only 20-200 apps are supported, which is a small number as there are about 3.4 million apps available in the Google Play Store alone.

Furthermore, depending on the toolkit, only certain app versions for certain operating systems are supported – so important case data could be overlooked. The detailed analysis of SQLite databases also allows an exact recovery of deleted information and specific data queries.

SQLite Training at T3K-Forensics

Because of the importance of SQLite databases in the mobile forensic analysis, T3K-Forensics offers a 3-day “L2B SQLite Forensics for smartphones” training, which addresses the correct analysis and interpretation of SQLite databases. The training provides a good overview of SQLite analysis tools on the market, as well as a high practical relevance resulting from our work as expert witness. For further information, visit our T3K trainings website: https://www.t3k-trainings.com/trainings-en/sqlite-forensics-for-smartphones/

SQLite Forensics Training