SQLite Forensics by Paul Sanderson

SQLite forensics is an important part of many digital forensic investigations. Most smartphones and computer operating systems use SQLite, with each device often including hundreds of databases. Despite this extreme proliferation, SQLite forensics is often overlooked in conversations about current trends in digital forensics. Paul Sanderson’s book attempts to redress the balance and bring attention to the importance of SQLite forensics.

The book opens with an introduction to SQLite forensics: what it covers, and how SQLite differs from most other databases. Astonishingly, there are over one trillion SQLite databases in circulation, a fact that the reader is introduced to on the first page – which definitely sets the scene for this being an important book!

Although the book does assume some knowledge of forensics in general and SQLite in particular, it begins with a short introduction to the basics of SQLite as a refresher for those who may need it. This covers creating tables and running simple queries, and if you’re looking for a bit more information there are several resources listed at the end of the chapter which should help you to find out more. Further resources are included at the end of every section, so if there’s a subject you’re particularly interested in, it’s easy to find out more.

Read my full review on Forensic Focus.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s