SQLite Forensics Online Training
About our online SQLite Forensic training
Our traditional in-class 5-day Complete SQLite Forensic Training has moved online! This new 10-day course combines both our SQLite Fundamentals class with our Advanced SQLite Forensics. Our live, instructor-led, online training provides you with the same in-depth SQLite learning experience as our on-site training over the course of 10 – 4 hour days.
How is it different from our on-site training?
In our online course, an instructor will go through the course material with you virtually so you can take it from anywhere. The online version of the course comes in two parts:
Each part is 5 days long and consists of 4 hours of instruction typically held from 9 am – 1 pm EST.
- Navigating and executing programs at the Command Line (Unix or DOS) is required.
- Beginner programming/scripting experience is helpful (but not required).
Included with Training
FREE! Students attending our SQLite Training will receive:
- A full version of Sanderson Forensics SQLite Forensic Toolkit software ($595 USD value.)
- USB flash drive (or in the case of online students – a link to a drive image) with SQLite Library full of useful scripts used in class, all course exercises/materials/software and hundreds of pages of SQLite documentation
Why SQLite Forensics
Both Google’s Android OS and Apple’s iOS are the dominant forces in today’s cellphone market – with the market share split fairly evenly between the two companies. While these two companies are rivals, with vastly different file systems, they do share one commonality; both use SQLite as a storage container for user data.
“SQLite is an in-process library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine.”
Mobile Forensic Analysts can easily leverage this commonality by learning the skills required to perform low-level analysis and recovery on SQLite databases. Once learned and mastered, examiners, can then support nearly 99% of the device data they will come across in most of their mobile device examinations.
To illustrate the vast amount of work to be done, as of January 2015, the Google Play Store reported 1.43 Million Applications being available in its Google Play Store. At the same time, Apple’s iTunes Store reported over 1.4 Million apps currently being available for download. That’s a total of over 2.8 MILLION apps. Even the most popular mobile forensic tool only supports parsing of 200 different applications. This support accounts for a miniscule %001 of the total apps and leaves a 99.999% gap!
- Course Duration:
- 10 Days / 4 hours per day – Daily attendance is mandatory.
- Required Equipment:
- – Laptop
- With FULL Administrative Rights – this includes rights for email access, application download, installation, configuration, etc.
- – Webcam & Microphone
- If you are unable to fulfil the equipment requirements, please contact us prior to the course start date.
- This class is open to active and retired Law Enforcement only.
- *Please Note: Due to the sensitive nature of our curriculum, and industry, all potential students are subject to vetting prior to enrollment. We reserve the right to refuse registration to any person that does not meet our established criteria.
“Great course. The exercises are well set up to immediately practice the skills taught in class. In a great mixture of theory/practice. I now feel confident browsing data within a SQlite DB. Thanks.”
What Will I Learn?
SQLite Fundamentals (Week 1)
- How SQLite works at the byte-level
- What are the different types of SQLite data components?
- What are the 5 common locations to recover SQLite data?
- How to perform report data validation.
- How to Reverse Engineer ANY SQLite database.
- Converting and identifying virtually any date format easily.
- Display BLOB data within the forensic tool.
- How to use a tool designed from the ground-up as a forensic tool.
- How to recover data from .SHM, .WAL and .journal files.
- How to generate reports quickly from any SQLite database to include externally linked images.
Advanced SQLite Forensics (Week 2)
- SQLite Record Recovery (Incomplete and Orphaned Records)
- Manual Parsing of: Write-Ahead Logs and Journal Files
- Advanced Data Recovery Scenarios
- Manual SQLite Data Recovery
- SQLite Payload Examination/SQLite Data Construct Parsing
- Using simulations to perform data testing/verification/decryption
- SQLite Encryption
- Advance Scenario Exam
We prefer students bring their own laptops whenever possible. If this is not possible, Teel Tech Canada will provide one for you. If you are unable to bring your own laptop, please indicate so on the registration page.
For students bringing a laptop to class, please ensure they meet the following minimum requirements:
- Windows 7
- Windows 8.x and 10.x using these instructions (turn off driver sig enforcement)
- macOS with Bootcamp Windows 7
- macOS with Bootcamp Windows 8.x and Win 10.x using these instructions
- macOS alone will not work (No Virtual Machines)
- 8GB RAM (minimum)
- 100GB storage (minimum)
- You must have Admin rights or have the admin password for software installation.
- NOTE: ALL Windows updates should be done prior to class.