Thursday, August 16, 2018

Daily Blog #454: SQLite Write Ahead Logs and Python

Hello Reader,
           If you haven't already done so check out this blog post from Malware Maloney:
https://malwaremaloney.blogspot.com/2018/08/windows-10-notification-wal-database.html

In it not only does author show how to create a new query for pulling messages from the database he also extended a SQLite python library to correctly decode the write ahead log of the SQLite database that stores the notifications. Meaning you can recover more deleted messages.

Give it a read and in a future post let's take that and write a script around it.