Information Technology Reference
In-Depth Information
and times of the content. The examiner should make a copy of the original output to use
for a date/time comparison.
Using SQLite Browser
SQL Browser is a tool that can help during the course of analyzing the extracted data.
SQLite Browser allows you to explore the database files with the following extensions:
.sqlite
,
.sqlite3
,
.sqlitedb
,
.db
, and
.db3
. The main advantage of using
SQLite Browser is that it shows the data in a table form. Navigate to
File
|
Open Data-
base
to open a
.db
file using SQLite Browser. As shown in the following screenshot,
there are three tabs:
Database Structure
,
Browse Data
, and
Execute SQL
. The
Browse
Data
tab allows you to see the information present in different tables within the
.db
files.
We will be mostly using this tab during our analysis. Alternately,
Oxygen Forensic
SQLite Database Viewer
can also be used for the same purpose. Recovering deleted data
from database files is possible and will be explained in
Chapter 10
,
Android Data Recov-
ery Techniques
.
SQLite Browser
The following sections throw light on identifying important data and manually extracting
various details from an Android phone.
Extracting device information
Knowing the details of your Android device, such as the model, version, and more, will
aid in your investigation. For example, when the device is physically damaged and pro-
