performing-sqlite-database-forensics

Featured

Perform forensic analysis of SQLite databases to recover deleted records from freelists and WAL files, decode encoded timestamps, and extract evidence from browser history, messaging apps, and mobile device databases.

API & Backend 13,115 stars 1533 forks Updated today Apache-2.0

Install

View on GitHub

Quality Score: 99/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Performing SQLite Database Forensics ## Overview SQLite is the most widely deployed database engine in the world, used by virtually every mobile application, web browser, and many desktop applications to store user data. In digital forensics, SQLite databases are critical evidence sources containing browser history, messaging records, call logs, GPS locations, application preferences, and cached content. Forensic analysis goes beyond simple SQL queries to examine the internal B-tree page structures, freelist pages containing deleted records, Write-Ahead Log (WAL) files preserving transaction history, and unallocated space within database pages where recoverable data may persist after deletion. ## When to Use - When conducting security assessments that involve performing sqlite database forensics - When following incident response procedures for related security events - When performing scheduled security testing or auditing activities - When validating security controls through hands-on testing ## Prerequisites - DB Browser for SQLite (sqlitebrowser) - SQLite command-line tools (sqlite3) - Python 3.8+ with sqlite3 module - Belkasoft Evidence Center or Axiom (commercial) - Hex editor (HxD, 010 Editor) for manual page inspection - Understanding of B-tree data structures ## SQLite Internal Structure ### Database Header (First 100 Bytes) | Offset | Size | Description | |--------|------|-------------| | 0 | 16 | Magic string: "SQLite format 3\000" | | 16 | 2 | Page siz...

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
today
Language
Python
License
Apache-2.0

Integrates with

SQLite · Database

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

performing-mobile-device-forensics-with-cellebrite

Acquire and analyze mobile device data using Cellebrite UFED and open-source tools to extract communications, location data, and application artifacts.

13,115 Updated today
mukul975
AI & Automation Featured

performing-disk-forensics-investigation

Conducts disk forensics investigations using forensic imaging, file system analysis, artifact recovery, and timeline reconstruction to support incident response cases. Utilizes tools such as FTK Imager, Autopsy, and The Sleuth Kit for evidence acquisition, deleted file recovery, and artifact examination. Activates for requests involving disk forensics, hard drive analysis, forensic imaging, file recovery, evidence acquisition, or digital forensic investigation.

13,115 Updated today
mukul975
Data & Documents Solid

ctf-forensics

Provides digital forensics and signal analysis techniques for CTF challenges. Use when analyzing disk images, memory dumps, event logs, network captures, cryptocurrency transactions, steganography, PDF analysis, Windows registry, Volatility, PCAP, Docker images, coredumps, side-channel power traces, DTMF audio spectrograms, packet timing analysis, CD audio disc images, or recovering deleted files and credentials.

2,250 Updated 1 months ago
ljagiello
API & Backend Solid

forensics-osquery

SQL-powered forensic investigation and system interrogation using osquery to query operating systems as relational databases. Enables rapid evidence collection, threat hunting, and incident response across Linux, macOS, and Windows endpoints. Use when: (1) Investigating security incidents and collecting forensic artifacts, (2) Threat hunting across endpoints for suspicious activity, (3) Analyzing running processes, network connections, and persistence mechanisms, (4) Collecting system state during incident response, (5) Querying file hashes, user activity, and system configuration for compromise indicators, (6) Building detection queries for continuous monitoring with osqueryd.

335 Updated today
aiskillstore
AI & Automation Featured

extracting-browser-history-artifacts

Extract and analyze browser history, cookies, cache, downloads, and bookmarks from Chrome, Firefox, and Edge for forensic evidence of user web activity.

13,115 Updated today
mukul975