Daily Blog #702: Sunday Funday 8/9/20 - Extensible Storage Engine (ESE) database Challenge


Hello Reader,

           It's been awhile! I wish I could tell you what all I've been up too, but needless to say real investigations got so crazy between May-August that I couldn't even find time to blog without losing even more sleep. So let's pick up where we left off with a Sunday Funday! This week we address a database format we are seeing more and more as developers realize what a useful alternative it is to SQLite on a windows system. This week is all about ESE databases! 



The Prize:


$100 Amazon Giftcard

And an apperance on the following week's Forensic Lunch!

The Rules:

  1. You must post your answer before Friday 8/14/20 7PM CST (GMT -5)
  2. The most complete answer wins
  3. You are allowed to edit your answer after posting
  4. If two answers are too similar for one to win, the one with the earlier posting time wins
  5. Be specific and be thoughtful
  6. Anonymous entries are allowed, please email them to dlcowen@gmail.com. Please state in your email if you would like to be anonymous or not if you win.
  7. In order for an anonymous winner to receive a prize they must give their name to me, but i will not release it in a blog post

The Challenge:

When looking at Extensible Storage Engine (ESE) database artifacts (also known as 'Jet Blue' or .edb file):

1. Recover deleted messages from an ESE database from a live database or from the transaction journal. 

2. Determine what other applications other than IE, Search Index and SRUM make use of it

3. Determine how to avoid data loss when copying it from a live system

Also Read: Daily Blog #701