SQLite Forensics Paperback – May 12, 2018
|New from||Used from|
Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.
To get the free app, enter your mobile phone number.
Frequently bought together
Customers who viewed this item also viewed
- Item Weight : 1.51 pounds
- Paperback : 315 pages
- ISBN-10 : 1980293074
- ISBN-13 : 978-1980293071
- Dimensions : 7.5 x 0.71 x 9.25 inches
- Publisher : Independently published (May 12, 2018)
- Language: : English
- Best Sellers Rank: #569,923 in Books (See Top 100 in Books)
- Customer Reviews:
Top reviews from the United States
There was a problem filtering reviews right now. Please try again later.
While much, if not all of the information is found on SQLite.org (as shown in his sourcing at the end of each chapter) the clarity, depth, and real world examples are where you get more than what you pay for with this book. The question of "How do I locate each individual column in hex contained in a cell or freeblock?" had been driving me crazy for years. Within the first 100 pages...boom! Knowledge unlocked! I knew the rowid and payload size were VARINTs... didn't know the VARINTs kept going!
Even in the brief chapter on writing SQL query statements... never knew about INSTR() or GROUP_CONCAT(). Now I have some new stuff to play with.
All in all if you are doing forensic examinations of SQLite this is a book you must have. We will all still use tools to do the bulk recovery, but this will help free you from being dependent to them as you can learn the structures, and how to rebuild, reformat, and report on your work.
So what makes this book amazing? It is the simple fact that Paul is going to walk you through how and why SQLite databases react the way they do. Learning things such as why iMessage messages may not be recovered after deletion from a specific version are HUGE. These are the things this field has so desperately needed, and it isn't going to take a $3K+ USD course to learn it. You'll learn it right here!
If you do mobile device forensics this book is must. Validate the results of your tools, find the data those tools might be missing, understand the why as well as the how.
SQLite Forensics is written clearly and concisely, yet encompasses more than I have ever seen in regards to SQLite databases and forensic analysis. This is not a book to read if you don't have anything to do with SQLite. Conversely, if you conduct forensic analysis, then this book has become a required reading, and needs to be within arms reach every time you are looking at anything having to do with anything about SQLite in your forensic work.
Nicely done, Paul. Nicely done.
The book offers a great introduction to the basic structure of SQLite, tables, file format etc. and then moves on to explain how to work the files for forensics: record recovery, parsing as well as the additional artefact storages, the write ahead log (WAL) and schemas.
Finally a comprehensive chapter on query building and extraction of data in a structured, refined way.
If going down the rabbit hole of mobile forensics, this book is must have, as you *will* be parsing a lot of artefacts by hand, and those will be SQLite DB files.
The book I wished I had before taking a class in mobile forensics.
Top reviews from other countries
The book is really well written, it makes the subject approachable and covers all the key information in a logical manner. What Brian Carrier achieved with 'File System Forensic Analysis' and Harlan Carvey with 'Windows Registry Forensics', Paul has now done here. That is to say he has written a book which was immediately useful and will live on the shelf within arms reach as a reference for years to come.