SQLiteDiver

A new tool for reviewing SQLite 3 databases!

SQLiteDiver is for mobile and browser SQLite databases that can decode dates from various formats such as Unix epoch, Mac ePoch that are often stored as integers and have to be decoded by hand.  There are two interfaces available, a graphical viewer and a console version. The overall goal is for quick and easy data review with conveniently decoded of date-times.

The idea for this grew out of preparation for my talk on SQLite Forensics I’ll be giving at the CEIC conference in May.  Having to decode date’s in mobile databases has always annoyed me and the idea quickly grew from a proof of concept to something I thought could add value. It’s an alpha but working copy, I hope you find SQLiteDiver useful!

The viewer

Viewing the Thumbnails db used by a popular web browser.

Another view with the datetimes decoded from the Cookies db.

 The Console

The console version outputs each table in a tab delimited text file.

With easily reviewable data and decoding of dates I think you’ll find SQLiteDiver very useful.  Not having to run some of the bulkier suites out there or commercial SQLite database editors that could leave you open to altering the database you may just get your answer quicker.

You can get a copy of SQLiteDiver in Downloads.

Disclaimers

Note: The date decoding has been tested but should not be used without cross validation with other tools since version 0.1 is an alpha release!

Note: The console version. It currently does not dump Byte[] data. In the future I hope to have it decode Byte[] for the console output.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.