Improve your experience. We are very sorry but this website does not support Internet Explorer. We recommend using a different browser that is supported such as Google Chrome or Mozilla Firefox.

SQLite Forensics Online Training

Our traditional in-class 5-day Complete SQLite Forensic Training has moved online! This new 10-day course combines both our SQLite Fundamentals class with our Advanced SQLite Forensics. Our live, instructor-led, online training provides you with the same in-depth SQLite learning experience as our on-site training over the course of 10 – 4 hour days.

Description


android logo

In this course you'll discover:

  • How SQLite works at the byte‐level
  • What are the different types of SQLite data components
  • What are the 5 common locations to recover SQLite data
  • How to perform report data validation
  • How to Reverse Engineer ANY SQLite database
  • Converting and identifying virtually any date format easily
  • Display BLOB data within the forensic tool
  • How to use a tool designed from the ground‐up as a forensic tool
  • How to recover data from ‐WAL and ‐journal files
  • How to reverse engineer and generate reports quickly from any SQLite database

Why SQLite Forensics?

Both Google’s Android OS and Apple’s iOS are the dominant forces in today’s cellphone market – with the market share split fairly evenly between the two companies. While these two companies are rivals, with vastly different file systems, they do share one commonality; both use SQLite as a storage container for user data. “SQLite is an in-process library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine.”

Mobile Forensic Analysts can easily leverage this commonality by learning the skills required to perform low-level analysis and recovery on SQLite databases. Once learned and mastered, examiners, can then support nearly 99% of the device data they will come across in most of their mobile device examinations.

To illustrate the vast amount of work to be done, as of January 2015, the Google Play Store reported 1.43 Million Applications being available in its Google Play Store[2]. At the same time, Apple’s iTunes Store reported over 1.4 Million apps currently being available for download. That’s a total of over 2.8 MILLION apps. Even the most popular mobile forensic tool only supports parsing of 200 different applications. This support accounts for a miniscule %001 of the total apps and leaves a 99.999% gap!

Prerequisites

It is recommended students have an understanding of:

  • Navigating and executing programs at the Command Line (Unix or DOS) is required.
  • Beginner programming/scripting experience is helpful (but not required).

This course is reserved for active & retired Law Enforcement Only, or in certain cases examiners that have been contracted by a Law Enforcement, Military or Government Agency.

Due to the sensitive nature of our curriculum, and industry, all potential students are subject to vetting prior to enrollment. We reserve the right to refuse registration to any person that does not meet our established criteria.

Course Itinerary

SQLite Fundamentals - Week 1

  • How SQLite works at the byte-level
  • What are the different types of SQLite data components?
  • What are the 5 common locations to recover SQLite data?
  • How to perform report data validation.
  • How o Reverse Engineer ANY SQLite database.
  • Converting and identifying virtually any date format easily.
  • Display BLOB data within the forensic tool.
  • How to use a tool designed from the ground-up as a forensic tool.
  • How to recover data from .SHM, .WAL and .journal files.
  • How to generate reports quickly from any SQLite database to include externally linked images.

Advanced SQLite Forensics Week 2

  • SQLite Record Recovery (Incomplete and Orphaned Records)
  • Manual Parsing of: Write-Ahead Logs and Journal Files
  • Advanced Data Recovery Scenarios
  • Manual SQLite Data Recovery
  • SQLite Payload Examination/SQLite Data Construct Parsing
  • Using simulations to perform data testing/verification/decryption
  • SQLite Encryption
  • Advance Scenario Exam

Included with Training


Sanderson Foernsics Logo

  • A free one-year license of Sanderson Forensics SQLite Forensic Toolkit Software
  • Students will receive a link to download the course material and datasets to be used in class.

Laptop Requirements


Digital Forensics Google Group

  • Windows PC with two (2) USB A ports.
  • Windows OS
  • macOS with Bootcamp Windows
  • macOS alone will not work (No Virtual Machines)
  • 8GB RAM (minimum)
  • 100GB storage (minimum)
  • You must have admin rights or have the admin password for software installation.
  • NOTE: ALL Windows updates should be done prior to class.

Similar courses

Chip-Off Forensics 2.0

The Teel Tech Advanced Chip-Off 2.0 Forensics training with certification provides students with a comprehensive education in performing forensics on the BGA memory chips used in today’s mobile devices.

More Information
In-System Programming (ISP) Forensics

In this 5-day course students will gain the skills needed to perform ISP extractions from devices with eMMC and eMCP memory.

More Information
SQLite Forensics Training

In this 5-day course students will develop the skills required to perform low-level analysis and recovery of SQLite databases.

More Information
ACELab PC-3000 Flash Data Recovery Basic Online Training

PC-3000 Flash Data Recovery Basic Online Training

More Information
Combined JTAG/Chip-Off Forensics

In this combined JTAG and Chip-off class, students learn the skills required to successfully perform memory acquisitions using the JTAG and using Advanced BGA Chip-off Techniques. The comprehensive course enables examiners to gain the essential knowledge of the practice and plenty of hands-on time working with devices.

More Information
Combined Chip-Off/ISP Forensics

Teel Tech Canada is now offering an 8-day Combined ISP/Chip-Off 2.0 training. In this class Digital Forensic Investigators will explore the foundations of both In-System Programming and Chip-Off 2.0 Forensics.

More Information
ACELab PC-3000 Flash Forensic Expert Online Training

In the ACELab PC-3000 Flash Forensic Expert Online Training course, you’ll remotely solve live cases under the supervision of the instructor. The ACELab interactive training offers students the opportunity to ask questions and get help, just like in an in-person classroom setting. This online class is limited to 3 students, ensuring students receive the necessary individual attention needed to master the subject matter.

More Information
ACELab PC-3000 HDD Data Recovery Basic Online Training

PC-3000 HDD Data Recovery Basic Online Training

More Information
ACELab PC-3000 HDD Forensic Expert Online Training

In this NEW ACELab PC-3000 HDD Forensic Expert Online Training course, you’ll solve live cases under the supervision of the instructor remotely. This interactive training offers students the opportunity to ask questions and get help, just like in an in-person classroom setting.

More Information
ACELab PC-3000 RAID Data Recovery Basic Online Training

Join the experts at ACELab for this 1-day online RAID data recovery training.

More Information
Cybercrime Investigation Training

Embark on a comprehensive journey into the world of cybercrime investigations. This course covers foundational networking knowledge, enabling participants to navigate internet services and understand cyber threats without relying on third-party tools.

More Information

Press enter to see more results