Elusive Data digital forensics training — certified courses in SQLite forensics, Python for mobile forensics, and mobile device forensics

Kaikki mitä tarvitset analysoidaksesi mobiili- ja sovellusdataa itse.

Sertifioitu SQLite-tekninen koulutus, koko ohjelma

advanced level | 24 cpe's | updated 2026

Opi SQLite Forensics through a certified, hands-on training course built for professionals investigating mobile app data. Updated for 2026, this course teaches you how to manually analyze and recover data that standard tools often miss, including deleted records, WAL files, and unallocated space.

Koulutuksessa keskitytään syvälliseen rikostekniseen tulkintaan, sivutason dekoodaukseen ja käytännön taitoihin edistyneissä digitaalisissa tutkimuksissa.

Aloita tilauskurssi Pyydä tiimikoulutusta

SQLite Visualizer included in course | Work dramatically faster and recover more evidence than ever before​​

See scheduled courses Questions? Contact us
Certified Training

Sertifioitu SQLite Forensics -koulutus

Advanced SQLite forensics training for investigators who need to recover, decode, validate, and explain SQLite evidence from mobile apps and digital systems.

What you will learn

  • Understand SQLite internals, pages, records, freelists, and overflow structures
  • Analyze WAL/SHM files and reconstruct forensic timelines
  • Recover deleted data and rebuild records from fragments
  • Validate findings for reporting, review, and testimony
  • Apply practical workflows using SQLite Visualizer software

Who it is for

Forensic examiners, investigators, incident responders, and analysts who need to go beyond standard tool output and understand SQLite evidence at a deeper level.

Why teams choose it

  • Certificate of completion and 24 CPE credits
  • Built for modern mobile and app-based investigations
  • Hands-on labs with realistic forensic scenarios
  • Available On-Demand, Live Online, or Onsite
  • Bundled with SQLite Visualizer Basic or Advanced

Want the full syllabus or help choosing a training format?

Contact Sales Lataa kurssin hahmotelma
Training Formats

Valitse koulutusmuoto

Choose the delivery format that fits your team. Each training package includes certified SQLite Forensics training and a SQLite Visualizer license.

Certificate + 24 CPE credits
Hands-on labs and CTF challenges
SQLite Visualizer included
On-Demand Self-paced

On-Demand + Basic

Certified self-paced training with Basic software

€1,490
$1,750 · CAD $2,400
Osallistujaa kohti
  • Certified SQLite Forensics training
  • SQLite Visualizer Basic included
  • Online learning platform access
Contact Sales
On-Demand Self-paced

On-Demand + Advanced

Certified self-paced training with Advanced software

€1,950
$2,300 · CAD $3,125
Osallistujaa kohti
  • Certified SQLite Forensics training
  • SQLite Visualizer Advanced included
  • LevelDB Viewer included
Contact Sales
Live Online Instructor-led

Live Online + Advanced

Certified remote training for teams

€2,290
Osallistujaa kohti
Available for groups of 3+
  • Certified SQLite Forensics training
  • SQLite Visualizer Advanced included
  • Live Q&A and guided labs
Contact Sales
Onsite In-person

Onsite + Advanced

Certified in-person training for teams

From €3,890
Osallistujaa kohti
Available for groups of 5+
  • Certified SQLite Forensics training
  • SQLite Visualizer Advanced included
  • Delivered onsite or partner-hosted
Contact Sales
Not sure which training format is right? Ask us for a recommendation ⟶
Kurssin sisältö - Certified SQLite Forensics
Oppimistulokset

What You’ll Learn

Build the skills to interpret SQLite evidence with confidence — from raw database structures to deleted records, WAL activity, and court-defensible reporting.

Core Skills

  • Ymmärtää, miten SQLite tallentaa tietoja See how apps write, delete, and structure data inside SQLite databases.
  • Lukee raakatietokantatiedostoja luotettavasti Explore SQLite files manually without relying only on black-box tools.
  • Palauta poistetut tai piilotetut tiedot Extract freelist content, overflow records, and fragments others often miss.
  • Use a repeatable forensic workflow Navigate unsupported databases and validate findings step by step.
  • Explain findings clearly Present what you found and how you found it in reports or testimony.

Included in Your Training

  • Realistic mobile app datasets Work hands-on with data based on practical forensic scenarios.
  • CTF-style forensic challenges Apply recovery and validation skills in structured practical exercises.
  • SQLite internals explained visually Learn headers, pages, freelists, overflow chains, WAL, and SHM step by step.
  • Flexible delivery formats Train on-demand, live online, or onsite depending on your team’s needs.
  • Certificate and 24 CPE credits Receive verifiable completion documentation for professional records.

Ready to explore the full training package?

Contact Sales Lataa kurssin hahmotelma
Kurssin sisältö

Training Modules

A practical, structured course covering SQLite fundamentals, database internals, deleted data recovery, and WAL/SHM analysis.

01 Johdatus SQLite-tekniseen tutkimukseen +
  • PListien ja XML-tiedostojen ymmärtäminen
  • Työskentely base64-koodattujen tietojen kanssa
  • Introduction to SQLite databases
  • Yleiskatsaus protokollapuskureihin
  • B-Tree-muodon tutkiminen
  • Tietokilpailu + käytännön harjoitukset
02 SQLite-tietokannan rakenne +
  • The database header
  • Page headers
  • Variable-length integers, or VarInts
  • Manual record parsing
  • Vapaat lukot ja pirstoutuminen
  • Freelist pages and deleted data
  • Overflow pages and large record chains
  • Tietokilpailu + käytännön harjoitukset
03 SQLite-tietokantojen luominen ja niissä navigointi +
  • Creating tables and schema
  • Inserting and adding records
  • Running and analyzing SQL statements
  • Deleting records and forensic implications
  • Tietokilpailu + käytännön harjoitukset
04 Tietokannan jälleenrakennus ja palautus +
  • Case study introduction
  • Structural analysis of SQLite files
  • Freeblock recovery techniques
  • Rebuilding freelist trunk pages
  • Recreating interior table leaf pages
  • Finalizing reconstruction
  • Tietokilpailu + käytännön harjoitukset
05 WAL & SHM Analysis +
  • Miksi SQLite käyttää WAL:ia ja SHM:ää
  • Dissecting the WAL file
  • Understanding SHM and page frame mapping
  • Visualizing WAL growth over time
  • Forensic use of WAL/SHM in investigations
  • Tietokilpailu + käytännön harjoitukset
Also Included

Mitä muuta sisältyy

The course is designed to support practical learning, repeatable workflows, and defensible forensic analysis.

Interactive CTF Challenges Work through realistic forensic puzzles using mobile app data.
SQLite Visualizer Software Training packages include SQLite Visualizer Basic or Advanced.
Downloadable Labs Practice with deleted, fragmented, and overflowed SQLite content.
Expert Guidance Instructor support and guidance for course-related questions.
Flexible Access Choose on-demand, live online, or onsite delivery formats.
Certificate + CPE Receive a certificate of completion and 24 CPE credits.

Need help choosing the right training format?

Ask for a Recommendation View Training Catalog
Kenelle tämä kurssi on tarkoitettu - Certified SQLite Forensics
Who It’s For

Built for Digital Forensic Professionals

This course is designed for investigators and analysts who need to go beyond standard tool output and interpret SQLite evidence with confidence, precision, and defensibility.

It’s especially valuable if you:

  • Work with mobile app data Analyze SQLite evidence from iOS, Android, and other app-based sources.
  • Need to validate tool output Understand what commercial tools found — and what they may have missed.
  • Investigate unsupported apps Build confidence working with databases that are not fully parsed by existing tools.
  • Recover deleted or hidden evidence Extract deleted records, freelist content, overflow data, WAL activity, and fragments.
  • Prepare reports or expert opinions Explain database artifacts clearly for review, reporting, testimony, or court.
  • Want structured, expert-led training Learn SQLite forensics through a practical workflow rather than isolated theory.
Koodausta tai skriptausta ei tarvita.

The course is designed for investigators — not developers. Techniques are visual, practical, and explained step by step.

Want to see the full course outline?

Lataa kurssin hahmotelma Contact Sales
Why It’s Different

Practical, Visual, and Case-Focused

This course is built to develop real forensic capability. You’ll work hands-on with realistic data, solve investigative challenges, and learn how SQLite behaves in real cases.

CTF-Style Challenges Solve forensic puzzles, decode structures, and uncover hidden SQLite evidence.
SQLite Visualizer Included Use visual workflows to examine pages, records, WAL activity, and deleted data.
Step-by-Step Recovery Labs Practice recovery from freelist pages, overflow chains, WAL frames, and fragments.
Realistic Datasets Train with instructor-created examples based on modern apps and case scenarios.
Tool-Agnostic Skills Use your existing tools while learning how to validate and explain the underlying data.
SQLite Internals Master B-Trees, VarInts, serial types, freelists, overflow pages, WAL and SHM.
Premium Packages
Available as software + training bundles.

Choose On-Demand + Basic, On-Demand + Advanced, Live Online + Advanced, or Onsite + Advanced depending on your workflow and team size.

Not sure which training format fits your team?

Ask for a Recommendation View Curriculum
Kouluttajasi - Sertifioitu SQLite Forensics -ohjelma
Kouluttajasi

Learn From James Eichbaum

James Eichbaum is a seasoned digital forensics instructor and practitioner with deep expertise in mobile forensics, SQLite analysis, and real-world investigative workflows.

Over the past 17+ years, James has trained thousands of professionals in more than 30 countries, with a consistent focus on practical skills, investigative accuracy, and defensible forensic interpretation.

He has led advanced forensic training programs for law enforcement, defense, and private sector teams worldwide, including national police agencies and forensic labs.

In this certified course, James guides you step by step through SQLite internals — from page structures and WAL files to deleted data recovery and validation — using structured labs, realistic app data, and CTF-style challenges.

Yhteys Jamesiin LinkedInissä
Uran kohokohdat
  • 17+ years teaching digital and mobile forensics
  • Entinen MSAB:n maailmanlaajuinen koulutuspäällikkö
  • Kalifornian P.O.S.T. sertifioitu kouluttaja
  • Former Detective, Sacramento Valley High Tech Crimes Task Force
  • Former Special Deputy U.S. Marshal, FBI Cyber Crimes Task Force
  • Recipient of HTCIA “Case of the Year” award

Want to review the full curriculum or discuss training options?

View Curriculum Contact Sales
Certified SQLite Forensics

Practical Training for Real Casework

Built around real-world forensic problems, practical recovery methods, and clear interpretation of SQLite evidence.

James Eichbaum — digital forensics instructor teaching SQLite analysis to investigators
17+ Years teaching forensics
30+ Countries trained
24 CPE credits included
Koulutuksen lähestymistapa

The course is designed to make complex SQLite structures easier to understand, validate, and explain — without requiring coding or scripting experience.

Koulutusvaihtoehdot - Certified SQLite Forensics

Valitse koulutusmuoto

Choose the training format that fits your workflow. Each option includes Certified SQLite Forensics training and a SQLite Visualizer license.

On-Demand Self-paced

On-Demand + Basic

Certified self-paced training with Basic software

€1,490
$1,750 · CAD $2,400
Osallistujaa kohti
  • Certified SQLite Forensics training
  • SQLite Visualizer Basic included
  • Online learning platform access
  • Hands-on labs & CTF-style challenges
  • Updates, support & onboarding
  • Certificate + 24 CPE credits
Best for self-paced training
with Basic software.
Contact Sales
On-Demand Self-paced

On-Demand + Advanced

Certified self-paced training with Advanced software

€1,950
$2,300 · CAD $3,125
Osallistujaa kohti
  • Certified SQLite Forensics training
  • SQLite Visualizer Advanced included
  • LevelDB Viewer included
  • Online learning platform access
  • Hands-on labs & CTF-style challenges
  • Certificate + 24 CPE credits
Best for advanced analysis
and self-paced training.
Contact Sales
Live Online Instructor-led

Live Online + Advanced

Certified instructor-led remote training for teams

€2,290
Osallistujaa kohti
Available for groups of 3+
  • Certified SQLite Forensics training
  • Instructor-led live online delivery
  • SQLite Visualizer Advanced included
  • LevelDB Viewer included
  • Real-time Q&A and guided labs
  • Certificate + 24 CPE credits
Best for teams that want
guided remote training.
Contact Sales
Onsite In-person

Onsite + Advanced

Certified in-person training for teams

From €3,890
Osallistujaa kohti
Available for groups of 5+
  • Certified SQLite Forensics training
  • Onsite instructor-led delivery
  • SQLite Visualizer Advanced included
  • LevelDB Viewer included
  • Delivered at your location or partner-hosted venue
  • Certificate + 24 CPE credits
Best for larger teams
and partner-hosted training.
Contact Sales
Planning to train your whole team? We can help you choose the right training format based on group size, delivery preference, and software needs.
Get in touch for training options ⟶
Sertifiointi - Certified SQLite Forensics
Certification

Certificate + 24 CPE Credits

Participants receive verifiable completion documentation designed for professional records, internal reporting, audits, and continuing education requirements.

Valmistumistodistus A signed, verifiable certificate confirming successful completion of the Certified SQLite Forensics Course.
24 CPE Credits Supports continuing education requirements for forensic, cyber, and investigative professionals.
Turvallinen ja todennettavissa Each certificate is individually issued with identifying details suitable for documentation and audit purposes.
Maailmanlaajuisesti merkityksellinen Designed for investigators and forensic teams working across law enforcement, corporate, and private sectors.
Professional Record
Built for defensible professional development.

The course is designed to support practical skills, formal training records, and repeatable forensic workflows that can be explained clearly.

Need confirmation about certification or CPE documentation?

Ask About Certification View Training Catalog
Full Course Track

What You’ll Gain From the Full Course

A deep, practical training track for professionals who work with mobile extractions, forensic tools, app databases, and SQLite-based evidence.

Course Focus

Over three packed days — or through the self-paced format — you learn how to read, interpret, recover, and validate data directly from raw SQLite structures.

The training combines guided explanation with hands-on practice using realistic datasets, deleted records, freelist recovery, overflow content, WAL/SHM interpretation, and CTF-style forensic challenges.

The Full Course Includes

  • WAL- ja SHM-tiedostojen manuaalinen purkaminen
  • Palautuminen freelist-ketjuista ja varaamattomista sivuista
  • Tapauskohtaiset harjoitukset käyttäen realistisia tietokokonaisuuksia
  • SQLite Visualizer software included in Premium packages
  • CTF-style challenges designed for forensic use
  • 24 CPE-opintopistettä ja todennettava todistus.
Premium Packages
Available as software + training bundles.

Choose On-Demand + Basic, On-Demand + Advanced, Live Online + Advanced, or Onsite + Advanced depending on your workflow and team size.

Want help choosing the right training package?

Ask for a Recommendation Näytä koko opetussuunnitelma
Usein kysytyt kysymykset - Certified SQLite Forensics
FAQ

Usein kysytyt kysymykset

Answers to common questions about course format, access, certification, tools, labs, and Premium software + training bundles.

01 Kuinka kauan koko kurssin suorittaminen kestää? +

Live: Kurssi kestää kolme kokonaista päivää, ja siihen sisältyy opettajan johdolla pidettäviä istuntoja, laboratorioita ja interaktiivisia tapaustutkimuksia.

Tilattavassa muodossa: Same core content, but self-paced. Access terms may vary by package and delivery format.

02 Is the training updated for 2026? +

Yes — the course content is updated for 2026 and reflects current SQLite forensic workflows, modern app data, WAL/SHM analysis, and practical recovery scenarios.

03 Soveltuuko se ryhmille tai koko viraston laajuiseen koulutukseen? +

Yes. Live Online training is available for groups of 3+, and Onsite training is available for groups of 5+. We can help recommend the right package based on team size and delivery preference.

04 Tarvitsenko aiempaa kokemusta tietokannoista? +

No prior database expertise is required. The course starts from the ground up and explains SQLite internals visually, with practical labs and forensic use cases throughout.

05 Minkälaisia laboratorioita sisältyy? +

Labs include parsing deleted records, rebuilding overflow chains, exploring WAL/SHM files, recovering fragmented content, and solving scenario-based challenges using realistic forensic datasets.

06 Kuka opettaa tätä kurssia? +

The course is taught by James Eichbaum, a digital forensics instructor and practitioner with 17+ years of experience training law enforcement, forensic examiners, DFIR consultants, and investigative teams worldwide.

07 What if I use tools like Magnet, Cellebrite, Oxygen, or MSAB? +

This course complements commercial forensic platforms. You learn how to validate tool output, investigate unsupported apps, and understand SQLite evidence beneath automated parsing results.

08 Tunnustetaanko todistus? +

Participants receive a verifiable certificate of completion with 24 CPE credits. It is designed for professional records, internal documentation, audits, and continuing education tracking.

09 Voinko esittää kysymyksiä tai saada tukea kurssin aikana? +

Yes. Live participants can ask questions during sessions. On-Demand participants receive support according to their package and access terms.

10 Pystynkö soveltamaan tätä oikeissa tutkimuksissa? +

Yes. The course is built around realistic app data, practical recovery workflows, and forensic scenarios that map directly to mobile and application database investigations.

11 Sisältääkö kurssi CTF-tyylisiä haasteita? +

Yes. You work through CTF-style forensic challenges designed to reinforce technical SQLite concepts with practical investigation scenarios and realistic datasets.

12 Do I get access to SQLite Visualizer? +

Yes. Premium software + training bundles include SQLite Visualizer Basic or Advanced, depending on the selected package. Advanced packages also include LevelDB Viewer.

13 What training package options are available? +

There are four Premium software + training bundle options: On-Demand + Basic, On-Demand + Advanced, Live Online + Advanced, and Onsite + Advanced.

14 Kuinka tekninen kurssi on? +

It is a deep forensic course, but it is designed to be accessible. You go into SQLite internals such as WAL, B-Trees, VarInts, freelists, and overflow pages, with visual explanations and practical labs.

15 Millaisten tietokokonaisuuksien kanssa työskentelen? +

The labs use realistic app databases involving messaging, location, application activity, deleted records, WAL activity, fragmented content, and unsupported or partially parsed app data.

16 Soveltuuko tämä kurssi asiantuntijatason ammattilaisille? +

Yes. Experienced examiners, trainers, and tool specialists use the course to deepen their understanding of SQLite internals, deleted data recovery, and validation workflows.

17 Sisältyykö siihen WAL- ja SHM-analyysi? +

Yes. WAL and SHM analysis are core parts of the course, including how to interpret database changes, reconstruct timelines, and identify data not present in the main database file.

18 Onko koulutus toimittajariippumaton? +

Yes. The course focuses on SQLite forensic principles and validation methods that apply regardless of which forensic platform you use.

19 What background is recommended? +

Some experience in digital forensics, mobile analysis, DFIR, or investigative work is helpful. Coding, scripting, or prior database training is not required.

20 Voinko soveltaa tätä tietoa mobiilirikostekniikan ulkopuolella? +

Yes. SQLite is used in desktop applications, IoT devices, browsers, cloud sync tools, and many other systems. The recovery and validation skills apply anywhere SQLite appears.

Still have questions about the course, certification, or package options?

Kysy kysymys View Training Catalog

Mitä ammattilaiset sanovat tästä kurssista

Akira H.

Digitaalisen rikollisuuden analyytikko
⭐️⭐️⭐️⭐️⭐️
Tämä kurssi ylitti kaikki odotukset. WAL/SHM-rakenteiden ja manuaalisen palautuksen työnkulkujen selittäminen antoi minulle varmuutta haastaa työkalujen rajoitukset todellisissa tutkimuksissa.

Renata S.

Mobile Forensics -konsultti
⭐️⭐️⭐️⭐️⭐️
Olen osallistunut moniin koulutuksiin, mutta mikään ei ole ollut yhtä syvällistä ja käytännönläheistä kuin tämä. Käytännön laboratorioiden, CTF:ien ja SQLiten sisäisten tietojen yhdistelmä teki siitä uskomattoman arvokkaan Android-sovellusten tietojen parissa tekemäni työn kannalta.

Jeroen V.

Tietoverkkorikosyksikön tutkija
⭐️⭐️⭐️⭐️⭐️
Freelistan sivujen uudelleenrakentaminen manuaalisesti ja varinttien purkaminen auttoivat minua ratkaisemaan erään tapauksen vain viikkoja koulutuksen jälkeen. Jamesilla on harvinainen kyky selittää monimutkaisia aiheita selkeästi ja käytännöllisesti.

SQLite Visualizer.
Visualize, Decode, Explore. All-in-One SQLite Analysis Suite.

SQLite Visualizer was developed to enhance the way forensic professionals interact with SQLite data, both during training and in real investigations. This forensic suite was originally designed specifically for this course to complement the techniques you’ll learn and make advanced database analysis more accessible and efficient.

Paketti yhdistää dekoodauksen, visualisoinnin ja tulkinnan yhteen käyttöliittymään. Se yksinkertaistaa työskentelyä WAL-tiedostojen, varintsien, ylivuotosivujen ja strukturoitujen tietueiden kanssa ja auttaa sinua saamaan selkeämmän käsityksen monimutkaisista mobiilisovellusten tiedoista.

SQLite Forensics -kurssilla käytät työkalua koko kurssin ajan laboratorioissa ja todellisissa skenaarioissa, ja pidät sen itselläsi sen jälkeen. Se on resurssi, johon voit luottaa, kun tutkit sovelluksen tietoja, palautat poistettuja tietueita tai vahvistat havaintoja tarkasti.

This reflects our belief that effective training should leave you with practical skills and the tools and methods to apply them right away.

Lue lisää
ED SQLite Visualizer — forensic SQLite analysis tool showing database structure, WAL frames and deleted record recovery
SQLITE rikostekninen tutkimus
Mobile Forensics 2026

Why SQLite Still Matters in Mobile Forensics

SQLite remains the backbone of mobile app storage, powering everything from chat histories and location logs to app settings, cached media, and application artifacts.

Tools extract the data. SQLite knowledge explains it.

While forensic tools handle basic extraction well, they often stop short of revealing what is stored deeper inside database internals such as Write-Ahead Logs, overflow chains, freelists, or custom schemas unique to each app.

As mobile software evolves rapidly, examiners increasingly face situations where data is only partially decoded, misinterpreted, or missed altogether. Understanding the inner workings of SQLite has become essential for reliable mobile analysis.

This course was built with that reality in mind. You’ll learn how to break down SQLite at the structural level, recover data manually, interpret how records are organized, and spot patterns or anomalies that tools alone may not explain.

Practical outcome More control in complex or time-critical mobile investigations.
Ota yhteyttä

Related content

Rikostekninen opas lukittujen Apple Notes -muistiinpanojen salauksen purkamisesta iPadissa MacBookilla ja Apple Pencilillä

Opas: Apple Notesin salauksen purkaminen iOS 16.x -käyttöjärjestelmässä.

Tämä keskittynyt läpikäynti antaa tutkijoille selkeät, käytännönläheiset tekniikat salattujen Apple Notes -muistiinpanojen poimimiseen iOS 16.x -laitteista. Seuraat käytännönläheistä, vaiheittaista prosessia, joka on suunniteltu menemään työkalun oletustuloksia pidemmälle ja antaa sinulle näkemystä ja itseluottamusta monimutkaisten tapausten tehokkaaseen käsittelyyn.

Lue lisää
VarInt decoding example showing variable-length integer parsing for SQLite forensic analysis

VarInt Laskin

VarIntien purkaminen manuaalisesti voi aiheuttaa pullonkaulan rikostekniselle prosessille, etenkin kun navigoidaan epäjohdonmukaisissa tai tuntemattomissa tietokannoissa. Tämä työkalu nopeuttaa tulkintaa ja auttaa sinua keskittymään syvällisempään analyysiin. Sen käyttö on ilmaista, ja se on tarkoitettu SQLiten sisäisten ominaisuuksien parissa työskenteleville tutkijoille.

Lue lisää
Elusive Data SQLite Visualizer tool — digital forensics database analysis software

Finally. An all-in-one forensic SQLite platform that reveals the full story inside app data.

SQLiteVisualizer unifies visual exploration, decoding, SQL analysis, and deleted-data recovery into one seamless workflow. No exports, no tool switching, no lost context.

Lue lisää
Protocol Buffers varint decoding in Python for digital forensics analysis

Blog: Protocol Buffers for Forensic Examiners: The Varint Trap

This article shows how protobuf varints differ from SQLite varints and why that distinction matters in mobile forensics. It includes a full hands-on walkthrough of decoding a protobuf blob, extracting fields, and decrypting the final message.

Lue lisää
Kannettava tietokone, jossa on Python-koodia ja rikosteknisiä laitteita käsikirjoitustutkimuksia varten.

Course: Advanced, certified Python for mobile forensics

A transformative, certified program designed to take digital forensic professionals from basic experience to confident Python proficiency. Newly updated for 2026, this hands-on training teaches you to build your own scripts to extract, parse, and analyze hidden evidence from app data.

Lue lisää
Diagram illustrating SQLite overflow page chains used to store large records across multiple database pages

Blogi: SQLite Overflow Sivut.

Kun yksittäinen SQLite-sivu ei pysty säilyttämään suuria sisältöjä, kuten kuvia tai mediaa, tiedot valuvat ylivuotosivuille. Tässä oppaassa käydään läpi, miten pirstaloituneet tietueet voidaan palauttaa manuaalisesti ja paljastaa todisteet, jotka tyypilliset veistotyökalut usein jättävät huomiotta.

Lue lisää
pysy ajan tasalla

Pysy ajan tasalla. Tilaa kuukausittainen uutiskirjeemme.

Saat ensimmäisenä kuulla uusista koulutusmahdollisuuksista, ilmaisista työkaluista, tapauskohtaisista blogikirjoituksista ja käytännönläheisistä näkemyksistä. Kuukausittainen uutiskirjeemme auttaa sinua oppimaan nopeammin, ratkaisemaan tapauksia älykkäämmin ja pysymään ajan tasalla alalla, joka ei koskaan pysähdy.

Täytä sähköpostiosoitteesi rekisteröityäksesi.

Request Training

Tämä pyyntö ei ole täysin sitova. Kerro meille, mitkä päivämäärät sopisivat sinulle ja kuinka monta osallistujaa haluaisit mukaan. Otamme sinuun pikaisesti yhteyttä ja keskustelemme yhdessä parhaista vaihtoehdoista.

This SQLite forensics training is designed for digital forensics investigators who need to go beyond tool output. You’ll learn to manually parse SQLite database structures including B-tree pages, cell arrays, freelist pages, overflow chains, WAL files, SHM data, VarInt encoding, freeblock recovery, and protocol buffer interpretation. Whether you are investigating mobile device data, app databases, browser artifacts, or cloud-synced SQLite files, the course gives you the skills to extract, validate, and explain SQLite evidence with confidence. SQLite Visualizer is included with training packages to support hands-on analysis throughout the course.

Haluatko oppia omaan tahtiisi?

Saatavilla on-demand →