
Showing posts with label sqlite. Show all posts

Daily Blog #454: SQLite Write Ahead Logs and Python

SQLite Write Ahead Logs and Python by David Cowen - Hacking Exposed Computer Forensics Blog



Hello Reader,
If you haven't already done so, check out this blog post from Malware Maloney:

https://malwaremaloney.blogspot.com/2018/08/windows-10-notification-wal-database.html

In it, not only does the author show how to create a new query for pulling messages from the database, he also extended a SQLite Python library to correctly decode the write-ahead log of the SQLite database that stores the notifications, meaning you can recover more deleted messages.

Give it a read and in a future post let's take that and write a script around it.

Also Read: Daily Blog #453

Daily Blog #292: Forensic Lunch 4/11/14 - Discussion with Anthony Di Bello and David Dym on CEIC and SQLiteDiver


Hello Reader,
We had a few audio issues today that you'll hear in the recording. The good news is that it didn't affect our guest Anthony Di Bello from Guidance Software, and we cleared it up in the last half of the show. This week we had:

Anthony Di Bello from Guidance Software talking about CEIC. CEIC is our industry's biggest conference and we will be there. If you are interested, go here http://www.guidancesoftware.com/ceic/Pages/about-ceic.aspx and follow them on Twitter @encase

David Dym talking about his upcoming talk on SQLite forensics at CEIC and the early release of a new tool called SQLiteDiver which comes in GUI and CLI forms. You can download SQLiteDiver here: http://www.easymetadata.com/Downloads/SQLiteDiver/ and you can see Dave talk about it and SQLite forensics at CEIC!


Also Read: Daily Blog #291