Viewing SQLite Database Evidence
Posted by Jack H. Ward, Last modified by Jack H. Ward on 05 February 2018 05:56 AM

Data in SQLite Database evidence is stored in a tree-like structure. The following data is displayed in the Case Content pane:

  • Evidence node – <SQLite file filename or any other>
  • Evidence type node – SQLite Database
  • Tables
The content of the selected table is displayed in the Data View pane. The names of the columns are the same as in the original SQLite database.

Electronic Evidence Examiner also allows you to view embedded binary files in SQLite database evidence.

If an SQLite database contains binary files embedded in the database, these files are displayed in the Attachments pane as an e-mail message attachments when the user selects a corresponding record in the grid.  If the record contains several embedded files, they all are displayed in one list.

To investigate embedded binary files:

1.Select the necessary table in the Case Content pane.

2. Select the necessary record in the Data View pane. 
3. Click the Attachment file in the Attachments pane for a selected record.
4, The file is displayed in Text, Hex and File viewers.

 SQLite database.png (27.90 KB)
(0 vote(s))
Not helpful

Comments (0)