New tables and fields are added to databases all the time, and although a tool might produce what looks like a comprehensive report, without looking further we don't know what we are missing!

Some tables are huge, and by that I mean they contain lots of data, well beyond the ability of a generic tool to display in a nicely formatted report. For instance the Skype contacts table contains (when I last counted) 98 different columns. A tool that produces a nice simple report cannot possibly extract all of the relevant data from these columns. If we don't look at them all, how do we know that we are not missing crucial evidence?

There are literally millions of apps that use SQLite as storage on both phones and desktops and, as mentioned above, these apps usually have a changing DB structure and contain masses of data.

We really need a tool that will allow us to create a nicely formatted custom report on just those tables and columns that we want, restricting the report, if required, to just certain users/rows, and on databases that we may never have seen before.

The Forensic Browser for SQLite was written to address all these issues.

In simple terms, The Forensic Browser for SQLite is a visual, drag-and-drop SQL query generator that allows a user to examine every column and row in every table in any database and produce custom compound reports across multiple tables. Once a query has been created it can be saved for future use or shared with other users.

In this short article I go through a whirlwind tour of some of the features of The Browser, showing the results on different databases. It briefly covers:

- Displaying an integer column as a formatted date string with an appropriate timezone offset.
- Displaying blobs as pictures/hex/decoded binary plist, and Boolean integers as a more meaningful yes/no/true/false/on/off.
- Filtering reports on particular users or for a custom period.
- Creating SQL joins using just drag and drop.
- Exporting all of the above (including pictures and maps) in a report to HTML/XLS/PDF.

Creating a report on selected columns from a table is simplicity itself, as this example from a Skype database shows:

1. Open the database in the normal manner from the "File" menu
2. Drag the table you want to report on from the tables list on the right hand side into the central visual query designer and select the columns you want in your report
3. The SQL for your query is automatically generated
6. Hit "Create Report" to create and save your report to disk as a PDF

In the examples above the date is just displayed as an integer, so what about changing the way a column is displayed? Again, this is straightforward.

The screenshot below shows the results of a query on just four fields from 96 in the contacts table, as is present in the database with no conversion; the blob field is shown as hex (the default for the Forensic Browser):

Right clicking on any column allows the user to change the display of the data in that column.

Any numeric date fields (unix 10 digit in the example above) can be displayed in any text format, and timezone and DST conversions can be applied. Boolean 1/0 fields can be displayed as yes/no, on/off or true/false. Blobs can be displayed as pictures, etc.:

Now that we have our report, we may want to filter it so that just certain rows are returned.

We can filter on any value in a column by clicking on the 'filter icon' for that particular column header and just 'check marking' those entries that we want to see:

Or, if we are interested in a particular date range, all we need to do is choose the custom option from the filter menu:

And enter the range of dates we would like to filter on:

So what about more complex databases? A brief examination of the Kik messenger DB shows that the messages table records the message details, date and time, etc., but the user is stored as an integer and we need to do a lookup (JOIN) on the primary key of the users table.

Creating this join in The Forensic Browser is straightforward: we first drag the ZKIKMESSAGE table to the query designer window, then drag the ZKIKUSER table to the query designer window, and then left click the ZUSER row in the ZKIKMESSAGE table and drag the mouse to the Z_PK row in the ZKIKUSER table.

The designer and corresponding (automatically created) SQL query look as below:
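As an added example (not the query generated by The Forensic Browser and not part of the original article), the Kik join on ZKIKMESSAGE.ZUSER = ZKIKUSER.Z_PK can be written by hand together with the date formatting, yes/no display and date-range filter described earlier. Only those two table names and two columns come from the article; the other columns, the sample rows and the assumption that the timestamp holds Unix seconds are constructed for illustration. A LEFT JOIN is used so that messages whose user row is missing still appear in the report.

```python
import sqlite3

def build_sample_db():
    """Constructed sample data. Only ZKIKMESSAGE.ZUSER and ZKIKUSER.Z_PK are
    named in the article; every other column here is hypothetical."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE ZKIKUSER (Z_PK INTEGER PRIMARY KEY, DISPLAY_NAME TEXT);
        CREATE TABLE ZKIKMESSAGE (Z_PK INTEGER PRIMARY KEY, ZUSER INTEGER,
                                  BODY TEXT, SENT_UNIX INTEGER, WAS_ME INTEGER);
        INSERT INTO ZKIKUSER VALUES (1, 'alice'), (2, 'bob');
        INSERT INTO ZKIKMESSAGE VALUES
            (10, 1, 'hello',        1400000000, 0),
            (11, 2, 'hi',           1400003600, 1),
            (12, 7, 'orphaned row', 1400007200, 0),  -- no user with Z_PK = 7
            (13, 1, 'later',        1500000000, 0);  -- outside the date range
    """)
    return con

# {join} is filled from a fixed pair of keywords, never from user input.
REPORT_SQL = """
    SELECT m.Z_PK,
           COALESCE(u.DISPLAY_NAME, '<no user row for ' || m.ZUSER || '>') AS user,
           datetime(m.SENT_UNIX, 'unixepoch') AS sent_utc,        -- integer -> date string
           CASE m.WAS_ME WHEN 1 THEN 'yes' ELSE 'no' END AS was_me, -- 1/0 -> yes/no
           m.BODY
    FROM ZKIKMESSAGE AS m
    {join} JOIN ZKIKUSER AS u ON m.ZUSER = u.Z_PK
    WHERE m.SENT_UNIX BETWEEN CAST(strftime('%s', ?) AS INTEGER)
                          AND CAST(strftime('%s', ?) AS INTEGER)
    ORDER BY m.SENT_UNIX
"""

def report(con, start_utc, end_utc, keep_unmatched=True):
    """Return report rows for a UTC date range.
    keep_unmatched=False uses INNER JOIN, which silently drops messages
    whose ZUSER value has no matching row in ZKIKUSER."""
    join = "LEFT" if keep_unmatched else "INNER"
    return con.execute(REPORT_SQL.format(join=join), (start_utc, end_utc)).fetchall()

if __name__ == "__main__":
    con = build_sample_db()
    for row in report(con, "2014-05-13 00:00:00", "2014-05-14 00:00:00"):
        print(row)
```

Comparing the row counts of the LEFT and INNER variants is a quick check for messages that reference a user record no longer present in the users table.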