Hello Reader,
If you haven't already done so check out this blog post from Malware Maloney:
If you haven't already done so check out this blog post from Malware Maloney:
https://malwaremaloney.blogspot.com/2018/08/windows-10-notification-wal-database.html
In it not only does author show how to create a new query for pulling messages from the database he also extended a SQLite python library to correctly decode the write ahead log of the SQLite database that stores the notifications. Meaning you can recover more deleted messages.
Give it a read and in a future post let's take that and write a script around it.
Also Read: Daily Blog #453
Post a Comment