Elusive Data digital forensics training — certified courses in SQLite forensics, Python for mobile forensics, and mobile device forensics

Tutto ciò che serve per analizzare i dati dei dispositivi mobili e delle app in modo autonomo

Formazione forense certificata su SQLite, programma completo

advanced level | 24 cpe's | updated 2026

Imparare la forensics di SQLite through a certified, hands-on training course built for professionals investigating mobile app data. Updated for 2026, this course teaches you how to manually analyze and recover data that standard tools often miss, including deleted records, WAL files, and unallocated space.

Progettato sulla base di scenari reali e di nuove sfide CTF, il corso si concentra sull'interpretazione forense approfondita, sulla decodifica a livello di pagina e sulle competenze pratiche per le indagini digitali avanzate.

Avviare il corso on-demand Richiesta di formazione del team

SQLite Visualizer included in course | Work dramatically faster and recover more evidence than ever before​​

See scheduled courses Questions? Contact us
Formazione certificata

Formazione certificata sulla conoscenza forense di SQLite

Advanced SQLite forensics training for investigators who need to recover, decode, validate, and explain SQLite evidence from mobile apps and digital systems.

What you will learn

  • Understand SQLite internals, pages, records, freelists, and overflow structures
  • Analyze WAL/SHM files and reconstruct forensic timelines
  • Recover deleted data and rebuild records from fragments
  • Validate findings for reporting, review, and testimony
  • Apply practical workflows using SQLite Visualizer software

Who it is for

Forensic examiners, investigators, incident responders, and analysts who need to go beyond standard tool output and understand SQLite evidence at a deeper level.

Why teams choose it

  • Certificate of completion and 24 CPE credits
  • Built for modern mobile and app-based investigations
  • Hands-on labs with realistic forensic scenarios
  • Available On-Demand, Live Online, or Onsite
  • Bundled with SQLite Visualizer Basic or Advanced

Want the full syllabus or help choosing a training format?

Contact Sales Scarica il programma del corso
Training Formats

Scegliete il formato della formazione

Choose the delivery format that fits your team. Each training package includes certified SQLite Forensics training and a SQLite Visualizer license.

Certificate + 24 CPE credits
Hands-on labs and CTF challenges
SQLite Visualizer included
Su richiesta Self-paced

On-Demand + Basic

Certified self-paced training with Basic software

€1,490
$1,750 · CAD $2,400
Per partecipante
  • Certified SQLite Forensics training
  • SQLite Visualizer Basic included
  • Online learning platform access
Contact Sales
Su richiesta Self-paced

On-Demand + Advanced

Certified self-paced training with Advanced software

€1,950
$2,300 · CAD $3,125
Per partecipante
  • Certified SQLite Forensics training
  • SQLite Visualizer Advanced included
  • LevelDB Viewer included
Contact Sales
In diretta online Instructor-led

Live Online + Advanced

Certified remote training for teams

€2,290
Per partecipante
Available for groups of 3+
  • Certified SQLite Forensics training
  • SQLite Visualizer Advanced included
  • Live Q&A and guided labs
Contact Sales
Onsite In-person

Onsite + Advanced

Certified in-person training for teams

From €3,890
Per partecipante
Available for groups of 5+
  • Certified SQLite Forensics training
  • SQLite Visualizer Advanced included
  • Delivered onsite or partner-hosted
Contact Sales
Not sure which training format is right? Ask us for a recommendation ⟶
Contenuto del corso: SQLite Forensics certificato
Risultati dell'apprendimento

What You’ll Learn

Build the skills to interpret SQLite evidence with confidence — from raw database structures to deleted records, WAL activity, and court-defensible reporting.

Core Skills

  • Capire come SQLite memorizza i dati See how apps write, delete, and structure data inside SQLite databases.
  • Leggere con sicurezza i file di database grezzi Explore SQLite files manually without relying only on black-box tools.
  • Recupero di dati cancellati o nascosti Extract freelist content, overflow records, and fragments others often miss.
  • Use a repeatable forensic workflow Navigate unsupported databases and validate findings step by step.
  • Explain findings clearly Present what you found and how you found it in reports or testimony.

Included in Your Training

  • Realistic mobile app datasets Work hands-on with data based on practical forensic scenarios.
  • Sfide forensi in stile CTF Apply recovery and validation skills in structured practical exercises.
  • SQLite internals explained visually Learn headers, pages, freelists, overflow chains, WAL, and SHM step by step.
  • Flexible delivery formats Train on-demand, live online, or onsite depending on your team’s needs.
  • Certificate and 24 CPE credits Receive verifiable completion documentation for professional records.

Ready to explore the full training package?

Contact Sales Scarica il programma del corso
Contenuto del corso

Training Modules

A practical, structured course covering SQLite fundamentals, database internals, deleted data recovery, and WAL/SHM analysis.

01 Introduzione alla forensics di SQLite +
  • Conoscere gli elenchi PL e i file XML
  • Lavorare con dati codificati in base64
  • Introduction to SQLite databases
  • Panoramica dei buffer di protocollo
  • Esplorare il formato B-Tree
  • Quiz + pratica inclusi
02 Struttura del database SQLite +
  • The database header
  • Page headers
  • Variable-length integers, or VarInts
  • Manual record parsing
  • Freeblocks e frammentazione
  • Freelist pages and deleted data
  • Overflow pages and large record chains
  • Quiz + pratica inclusi
03 Creare e navigare nei database SQLite +
  • Creating tables and schema
  • Inserting and adding records
  • Running and analyzing SQL statements
  • Deleting records and forensic implications
  • Quiz + pratica inclusi
04 Ricostruzione e recupero del database +
  • Case study introduction
  • Structural analysis of SQLite files
  • Freeblock recovery techniques
  • Rebuilding freelist trunk pages
  • Recreating interior table leaf pages
  • Finalizing reconstruction
  • Quiz + pratica inclusi
05 WAL & SHM Analysis +
  • Perché SQLite utilizza WAL e SHM
  • Dissecting the WAL file
  • Understanding SHM and page frame mapping
  • Visualizing WAL growth over time
  • Forensic use of WAL/SHM in investigations
  • Quiz + pratica inclusi
Also Included

Cos'altro è incluso

The course is designed to support practical learning, repeatable workflows, and defensible forensic analysis.

Interactive CTF Challenges Work through realistic forensic puzzles using mobile app data.
SQLite Visualizer Software Training packages include SQLite Visualizer Basic or Advanced.
Downloadable Labs Practice with deleted, fragmented, and overflowed SQLite content.
Expert Guidance Instructor support and guidance for course-related questions.
Flexible Access Choose on-demand, live online, or onsite delivery formats.
Certificate + CPE Receive a certificate of completion and 24 CPE credits.

Need help choosing the right training format?

Ask for a Recommendation View Training Catalog
A chi si rivolge questo corso - Certificazione di SQLite Forensics
Who It’s For

Built for Digital Forensic Professionals

This course is designed for investigators and analysts who need to go beyond standard tool output and interpret SQLite evidence with confidence, precision, and defensibility.

È particolarmente utile se:

  • Work with mobile app data Analyze SQLite evidence from iOS, Android, and other app-based sources.
  • Need to validate tool output Understand what commercial tools found — and what they may have missed.
  • Investigate unsupported apps Build confidence working with databases that are not fully parsed by existing tools.
  • Recover deleted or hidden evidence Extract deleted records, freelist content, overflow data, WAL activity, and fragments.
  • Prepare reports or expert opinions Explain database artifacts clearly for review, reporting, testimony, or court.
  • Want structured, expert-led training Learn SQLite forensics through a practical workflow rather than isolated theory.
Non è necessario alcun codice o scripting.

The course is designed for investigators — not developers. Techniques are visual, practical, and explained step by step.

Want to see the full course outline?

Scarica il programma del corso Contact Sales
Why It’s Different

Practical, Visual, and Case-Focused

This course is built to develop real forensic capability. You’ll work hands-on with realistic data, solve investigative challenges, and learn how SQLite behaves in real cases.

CTF-Style Challenges Solve forensic puzzles, decode structures, and uncover hidden SQLite evidence.
SQLite Visualizer Included Use visual workflows to examine pages, records, WAL activity, and deleted data.
Step-by-Step Recovery Labs Practice recovery from freelist pages, overflow chains, WAL frames, and fragments.
Realistic Datasets Train with instructor-created examples based on modern apps and case scenarios.
Tool-Agnostic Skills Use your existing tools while learning how to validate and explain the underlying data.
SQLite Internals Master B-Trees, VarInts, serial types, freelists, overflow pages, WAL and SHM.
Premium Packages
Available as software + training bundles.

Choose On-Demand + Basic, On-Demand + Advanced, Live Online + Advanced, or Onsite + Advanced depending on your workflow and team size.

Not sure which training format fits your team?

Ask for a Recommendation View Curriculum
Il vostro istruttore - Certified SQLite Forensics
Il vostro istruttore

Learn From James Eichbaum

James Eichbaum is a seasoned digital forensics instructor and practitioner with deep expertise in mobile forensics, SQLite analysis, and real-world investigative workflows.

Over the past 17+ years, James has trained thousands of professionals in more than 30 countries, with a consistent focus on practical skills, investigative accuracy, and defensible forensic interpretation.

He has led advanced forensic training programs for law enforcement, defense, and private sector teams worldwide, including national police agencies and forensic labs.

In this certified course, James guides you step by step through SQLite internals — from page structures and WAL files to deleted data recovery and validation — using structured labs, realistic app data, and CTF-style challenges.

Collegatevi con James su LinkedIn
Punti salienti della carriera
  • 17+ years teaching digital and mobile forensics
  • Ex responsabile della formazione globale di MSAB
  • Istruttore certificato P.O.S.T. della California
  • Former Detective, Sacramento Valley High Tech Crimes Task Force
  • Former Special Deputy U.S. Marshal, FBI Cyber Crimes Task Force
  • Premio "Caso dell'anno" di HTCIA

Want to review the full curriculum or discuss training options?

View Curriculum Contact Sales
Certified SQLite Forensics

Practical Training for Real Casework

Built around real-world forensic problems, practical recovery methods, and clear interpretation of SQLite evidence.

James Eichbaum — digital forensics instructor teaching SQLite analysis to investigators
17+ Years teaching forensics
30+ Countries trained
24 CPE credits included
Approccio alla formazione

The course is designed to make complex SQLite structures easier to understand, validate, and explain — without requiring coding or scripting experience.

Opzioni di formazione - SQLite Forensics certificato

Scegliete il formato della formazione

Choose the training format that fits your workflow. Each option includes Certified SQLite Forensics training and a SQLite Visualizer license.

Su richiesta Self-paced

On-Demand + Basic

Certified self-paced training with Basic software

€1,490
$1,750 · CAD $2,400
Per partecipante
  • Certified SQLite Forensics training
  • SQLite Visualizer Basic included
  • Online learning platform access
  • Hands-on labs & CTF-style challenges
  • Updates, support & onboarding
  • Certificate + 24 CPE credits
Best for self-paced training
with Basic software.
Contact Sales
Su richiesta Self-paced

On-Demand + Advanced

Certified self-paced training with Advanced software

€1,950
$2,300 · CAD $3,125
Per partecipante
  • Certified SQLite Forensics training
  • SQLite Visualizer Advanced included
  • LevelDB Viewer included
  • Online learning platform access
  • Hands-on labs & CTF-style challenges
  • Certificate + 24 CPE credits
Best for advanced analysis
and self-paced training.
Contact Sales
In diretta online Instructor-led

Live Online + Advanced

Certified instructor-led remote training for teams

€2,290
Per partecipante
Available for groups of 3+
  • Certified SQLite Forensics training
  • Instructor-led live online delivery
  • SQLite Visualizer Advanced included
  • LevelDB Viewer included
  • Real-time Q&A and guided labs
  • Certificate + 24 CPE credits
Best for teams that want
guided remote training.
Contact Sales
Onsite In-person

Onsite + Advanced

Certified in-person training for teams

From €3,890
Per partecipante
Available for groups of 5+
  • Certified SQLite Forensics training
  • Onsite instructor-led delivery
  • SQLite Visualizer Advanced included
  • LevelDB Viewer included
  • Delivered at your location or partner-hosted venue
  • Certificate + 24 CPE credits
Best for larger teams
and partner-hosted training.
Contact Sales
Planning to train your whole team? We can help you choose the right training format based on group size, delivery preference, and software needs.
Get in touch for training options ⟶
Certificazione - Certificato SQLite Forensics
Certificazione

Certificate + 24 CPE Credits

Participants receive verifiable completion documentation designed for professional records, internal reporting, audits, and continuing education requirements.

Certificato di completamento A signed, verifiable certificate confirming successful completion of the Certified SQLite Forensics Course.
24 CPE Credits Supports continuing education requirements for forensic, cyber, and investigative professionals.
Sicuro e verificabile Each certificate is individually issued with identifying details suitable for documentation and audit purposes.
Rilevante a livello globale Designed for investigators and forensic teams working across law enforcement, corporate, and private sectors.
Professional Record
Built for defensible professional development.

The course is designed to support practical skills, formal training records, and repeatable forensic workflows that can be explained clearly.

Need confirmation about certification or CPE documentation?

Ask About Certification View Training Catalog
Full Course Track

What You’ll Gain From the Full Course

A deep, practical training track for professionals who work with mobile extractions, forensic tools, app databases, and SQLite-based evidence.

Course Focus

Over three packed days — or through the self-paced format — you learn how to read, interpret, recover, and validate data directly from raw SQLite structures.

The training combines guided explanation with hands-on practice using realistic datasets, deleted records, freelist recovery, overflow content, WAL/SHM interpretation, and CTF-style forensic challenges.

The Full Course Includes

  • Decodifica manuale dei file WAL e SHM
  • Recupero da catene di freelist e pagine non allocate
  • Esercizi basati su casi concreti che utilizzano set di dati realistici
  • SQLite Visualizer software included in Premium packages
  • CTF-style challenges designed for forensic use
  • 24 crediti CPE e un certificato verificabile
Premium Packages
Available as software + training bundles.

Choose On-Demand + Basic, On-Demand + Advanced, Live Online + Advanced, or Onsite + Advanced depending on your workflow and team size.

Want help choosing the right training package?

Ask for a Recommendation Visualizza il curriculum completo
Domande frequenti - SQLite Forensics certificato
FAQ

Domande frequenti

Answers to common questions about course format, access, certification, tools, labs, and Premium software + training bundles.

01 Quanto tempo occorre per completare il corso completo? +

In diretta: Il corso si articola in 3 giorni completi con sessioni guidate da un istruttore, laboratori e casi di studio interattivi.

Su richiesta: Same core content, but self-paced. Access terms may vary by package and delivery format.

02 Is the training updated for 2026? +

Yes — the course content is updated for 2026 and reflects current SQLite forensic workflows, modern app data, WAL/SHM analysis, and practical recovery scenarios.

03 È adatto per i team o per la formazione a livello di agenzia? +

Yes. Live Online training is available for groups of 3+, and Onsite training is available for groups of 5+. We can help recommend the right package based on team size and delivery preference.

04 È necessaria un'esperienza pregressa nel campo dei database? +

No prior database expertise is required. The course starts from the ground up and explains SQLite internals visually, with practical labs and forensic use cases throughout.

05 Quali tipi di laboratori sono inclusi? +

Labs include parsing deleted records, rebuilding overflow chains, exploring WAL/SHM files, recovering fragmented content, and solving scenario-based challenges using realistic forensic datasets.

06 Chi insegna questo corso? +

The course is taught by James Eichbaum, a digital forensics instructor and practitioner with 17+ years of experience training law enforcement, forensic examiners, DFIR consultants, and investigative teams worldwide.

07 What if I use tools like Magnet, Cellebrite, Oxygen, or MSAB? +

This course complements commercial forensic platforms. You learn how to validate tool output, investigate unsupported apps, and understand SQLite evidence beneath automated parsing results.

08 Il certificato è riconosciuto? +

Participants receive a verifiable certificate of completion with 24 CPE credits. It is designed for professional records, internal documentation, audits, and continuing education tracking.

09 Posso fare domande o ricevere assistenza durante il corso? +

Yes. Live participants can ask questions during sessions. On-Demand participants receive support according to their package and access terms.

10 Sarò in grado di applicarlo nelle indagini reali? +

Yes. The course is built around realistic app data, practical recovery workflows, and forensic scenarios that map directly to mobile and application database investigations.

11 Il corso prevede sfide in stile CTF? +

Yes. You work through CTF-style forensic challenges designed to reinforce technical SQLite concepts with practical investigation scenarios and realistic datasets.

12 Do I get access to SQLite Visualizer? +

Yes. Premium software + training bundles include SQLite Visualizer Basic or Advanced, depending on the selected package. Advanced packages also include LevelDB Viewer.

13 What training package options are available? +

There are four Premium software + training bundle options: On-Demand + Basic, On-Demand + Advanced, Live Online + Advanced, and Onsite + Advanced.

14 Quanto è tecnico il corso? +

It is a deep forensic course, but it is designed to be accessible. You go into SQLite internals such as WAL, B-Trees, VarInts, freelists, and overflow pages, with visual explanations and practical labs.

15 Con che tipo di set di dati lavorerò? +

The labs use realistic app databases involving messaging, location, application activity, deleted records, WAL activity, fragmented content, and unsupported or partially parsed app data.

16 Questo corso è adatto a professionisti esperti? +

Yes. Experienced examiners, trainers, and tool specialists use the course to deepen their understanding of SQLite internals, deleted data recovery, and validation workflows.

17 Include l'analisi WAL e SHM? +

Yes. WAL and SHM analysis are core parts of the course, including how to interpret database changes, reconstruct timelines, and identify data not present in the main database file.

18 La formazione è neutrale rispetto al fornitore? +

Yes. The course focuses on SQLite forensic principles and validation methods that apply regardless of which forensic platform you use.

19 What background is recommended? +

Some experience in digital forensics, mobile analysis, DFIR, or investigative work is helpful. Coding, scripting, or prior database training is not required.

20 Posso applicare queste conoscenze al di fuori della mobile forensics? +

Yes. SQLite is used in desktop applications, IoT devices, browsers, cloud sync tools, and many other systems. The recovery and validation skills apply anywhere SQLite appears.

Still have questions about the course, certification, or package options?

Poni una domanda View Training Catalog

Cosa dicono i professionisti di questo corso

Akira H.

Analista di criminalità digitale
⭐️⭐️⭐️⭐️⭐️
Questo corso è andato ben oltre le aspettative. La spiegazione delle strutture WAL/SHM e dei flussi di lavoro per il ripristino manuale mi ha dato fiducia per sfidare i limiti degli strumenti nelle indagini reali.

Renata S.

Consulente di medicina legale mobile
⭐️⭐️⭐️⭐️⭐️
Ho seguito molti corsi di formazione, ma nessuno così coinvolgente e pratico come questo. La combinazione di laboratori pratici, CTF e nozioni interne di SQLite ha reso il corso incredibilmente utile per il mio lavoro con i dati delle applicazioni Android.

Jeroen V.

Investigatore dell'unità Cybercrime
⭐️⭐️⭐️⭐️⭐️
Ricostruire manualmente le pagine freelist e decodificare i varanti mi ha aiutato a risolvere un caso poche settimane dopo la formazione. James ha la rara capacità di spiegare argomenti complessi in modo chiaro e pratico.

SQLite Visualizer.
Visualize, Decode, Explore. All-in-One SQLite Analysis Suite.

SQLite Visualizer was developed to enhance the way forensic professionals interact with SQLite data, both during training and in real investigations. This forensic suite was originally designed specifically for this course to complement the techniques you’ll learn and make advanced database analysis more accessible and efficient.

La suite riunisce decodifica, visualizzazione e interpretazione in un'unica interfaccia. Semplifica il processo di lavoro con i file WAL, i varint, le pagine di overflow e i record strutturati, aiutandovi a ottenere una visione più chiara dei dati complessi delle applicazioni mobili.

Nel corso di SQLite Forensics, utilizzerete lo strumento durante tutto il corso, nei laboratori e negli scenari reali, e lo conserverete anche in seguito. È una risorsa su cui fare affidamento quando si esaminano i dati delle app, si recuperano i record eliminati o si convalidano i risultati con precisione.

This reflects our belief that effective training should leave you with practical skills and the tools and methods to apply them right away.

Per saperne di più
ED SQLite Visualizer — forensic SQLite analysis tool showing database structure, WAL frames and deleted record recovery
SQLITE forensics
Mobile Forensics 2026

Why SQLite Still Matters in Mobile Forensics

SQLite remains the backbone of mobile app storage, powering everything from chat histories and location logs to app settings, cached media, and application artifacts.

Tools extract the data. SQLite knowledge explains it.

While forensic tools handle basic extraction well, they often stop short of revealing what is stored deeper inside database internals such as Write-Ahead Logs, overflow chains, freelists, or custom schemas unique to each app.

As mobile software evolves rapidly, examiners increasingly face situations where data is only partially decoded, misinterpreted, or missed altogether. Understanding the inner workings of SQLite has become essential for reliable mobile analysis.

This course was built with that reality in mind. You’ll learn how to break down SQLite at the structural level, recover data manually, interpret how records are organized, and spot patterns or anomalies that tools alone may not explain.

Practical outcome More control in complex or time-critical mobile investigations.
Contattateci

Related content

Guida forense per decriptare le note Apple bloccate visualizzate su iPad con MacBook e Apple Pencil

Guida: Decriptare le note di Apple su iOS 16.x

Questa guida mirata fornisce agli investigatori tecniche chiare e pratiche per l'estrazione di Apple Notes crittografate da dispositivi iOS 16.x. Seguirete un processo pratico, passo dopo passo, progettato per andare oltre l'output predefinito dello strumento, fornendovi la comprensione e la fiducia necessarie per gestire efficacemente casi complessi.

Per saperne di più
VarInt decoding example showing variable-length integer parsing for SQLite forensic analysis

Calcolatrice VarInt

La decodifica manuale dei VarInt può ostacolare il processo forense, soprattutto quando si naviga in database incoerenti o poco conosciuti. Questo strumento velocizza l'interpretazione, aiutandovi a concentrarvi su analisi più approfondite. È gratuito e pensato per gli investigatori che lavorano con gli interni di SQLite.

Per saperne di più
Elusive Data SQLite Visualizer tool — digital forensics database analysis software

Finally. An all-in-one forensic SQLite platform that reveals the full story inside app data.

SQLiteVisualizer unifies visual exploration, decoding, SQL analysis, and deleted-data recovery into one seamless workflow. No exports, no tool switching, no lost context.

Per saperne di più
Protocol Buffers varint decoding in Python for digital forensics analysis

Blog: Protocol Buffers for Forensic Examiners: The Varint Trap

This article shows how protobuf varints differ from SQLite varints and why that distinction matters in mobile forensics. It includes a full hands-on walkthrough of decoding a protobuf blob, extracting fields, and decrypting the final message.

Per saperne di più
Laptop con codice Python e dispositivi forensi per le indagini di scripting

Course: Advanced, certified Python for mobile forensics

A transformative, certified program designed to take digital forensic professionals from basic experience to confident Python proficiency. Newly updated for 2026, this hands-on training teaches you to build your own scripts to extract, parse, and analyze hidden evidence from app data.

Per saperne di più
Diagram illustrating SQLite overflow page chains used to store large records across multiple database pages

Blog: SQLite Overflow Pagine.

Quando una singola pagina SQLite non è in grado di contenere contenuti di grandi dimensioni, come immagini o file multimediali, i dati si riversano nelle pagine di overflow. Questa guida illustra come recuperare manualmente i record frammentati, rivelando le prove che i tipici strumenti di incisione spesso trascurano.

Per saperne di più
rimanete aggiornati

Rimanete aggiornati. Iscrivetevi alla nostra newsletter mensile.

Siate i primi a conoscere nuove opportunità di formazione, strumenti gratuiti, post sul blog basati su casi e approfondimenti pratici. La nostra newsletter mensile è stata creata per aiutarvi a imparare più velocemente, a risolvere i casi in modo più intelligente e a tenere il passo in un settore che non si ferma mai.

Inserite la vostra e-mail per iscrivervi.

Richiesta di formazione

Questa richiesta non è assolutamente vincolante. Fateci sapere quali date potrebbero andare bene per voi e quanti partecipanti vorreste includere. Vi risponderemo prontamente per discutere insieme le opzioni migliori.

This SQLite forensics training is designed for digital forensics investigators who need to go beyond tool output. You’ll learn to manually parse SQLite database structures including B-tree pages, cell arrays, freelist pages, overflow chains, WAL files, SHM data, VarInt encoding, freeblock recovery, and protocol buffer interpretation. Whether you are investigating mobile device data, app databases, browser artifacts, or cloud-synced SQLite files, the course gives you the skills to extract, validate, and explain SQLite evidence with confidence. SQLite Visualizer is included with training packages to support hands-on analysis throughout the course.

Preferisci imparare al tuo ritmo?

Disponibile on-demand →