Elusive Data digital forensics training — certified courses in SQLite forensics, Python for mobile forensics, and mobile device forensics

モバイルとアプリのデータを分析するために必要なすべてのもの

認定SQLiteフォレンジック・トレーニング、フルプログラム

advanced level | 24 cpe's | updated 2026

SQLiteフォレンジックを学ぶ through a certified, hands-on training course built for professionals investigating mobile app data. Updated for 2026, this course teaches you how to manually analyze and recover data that standard tools often miss, including deleted records, WAL files, and unallocated space.

実世界のシナリオと新しいCTFの課題を中心にデザインされたこのトレーニングは、深いフォレンジック解釈、ページレベルの解読、高度なデジタル捜査のための実践的なスキルに重点を置いています。

オンデマンド・コースを開始する チームトレーニングの依頼

SQLite Visualizer included in course | Work dramatically faster and recover more evidence than ever before​​

See scheduled courses Questions? Contact us
認定研修

認定SQLiteフォレンジック・トレーニング

Advanced SQLite forensics training for investigators who need to recover, decode, validate, and explain SQLite evidence from mobile apps and digital systems.

What you will learn

  • Understand SQLite internals, pages, records, freelists, and overflow structures
  • Analyze WAL/SHM files and reconstruct forensic timelines
  • Recover deleted data and rebuild records from fragments
  • Validate findings for reporting, review, and testimony
  • Apply practical workflows using SQLite Visualizer software

Who it is for

Forensic examiners, investigators, incident responders, and analysts who need to go beyond standard tool output and understand SQLite evidence at a deeper level.

Why teams choose it

  • Certificate of completion and 24 CPE credits
  • Built for modern mobile and app-based investigations
  • Hands-on labs with realistic forensic scenarios
  • Available On-Demand, Live Online, or Onsite
  • Bundled with SQLite Visualizer Basic or Advanced

Want the full syllabus or help choosing a training format?

Contact Sales コース概要のダウンロード
Training Formats

トレーニング形式の選択

Choose the delivery format that fits your team. Each training package includes certified SQLite Forensics training and a SQLite Visualizer license.

Certificate + 24 CPE credits
Hands-on labs and CTF challenges
SQLite Visualizer included
オンデマンド Self-paced

On-Demand + Basic

Certified self-paced training with Basic software

€1,490
$1,750 · CAD $2,400
参加者1名につき
  • Certified SQLite Forensics training
  • SQLite Visualizer Basic included
  • Online learning platform access
Contact Sales
オンデマンド Self-paced

On-Demand + Advanced

Certified self-paced training with Advanced software

€1,950
$2,300 · CAD $3,125
参加者1名につき
  • Certified SQLite Forensics training
  • SQLite Visualizer Advanced included
  • LevelDB Viewer included
Contact Sales
ライブ・オンライン Instructor-led

Live Online + Advanced

Certified remote training for teams

€2,290
参加者1名につき
Available for groups of 3+
  • Certified SQLite Forensics training
  • SQLite Visualizer Advanced included
  • Live Q&A and guided labs
Contact Sales
Onsite In-person

Onsite + Advanced

Certified in-person training for teams

From €3,890
参加者1名につき
Available for groups of 5+
  • Certified SQLite Forensics training
  • SQLite Visualizer Advanced included
  • Delivered onsite or partner-hosted
Contact Sales
Not sure which training format is right? Ask us for a recommendation ⟶
コース内容 - 認定SQLiteフォレンジック
学習成果

What You’ll Learn

Build the skills to interpret SQLite evidence with confidence — from raw database structures to deleted records, WAL activity, and court-defensible reporting.

Core Skills

  • SQLiteがどのようにデータを保存するかを理解する See how apps write, delete, and structure data inside SQLite databases.
  • 生のデータベースファイルを安心して読む Explore SQLite files manually without relying only on black-box tools.
  • 削除されたデータや隠されたデータを復元する Extract freelist content, overflow records, and fragments others often miss.
  • Use a repeatable forensic workflow Navigate unsupported databases and validate findings step by step.
  • Explain findings clearly Present what you found and how you found it in reports or testimony.

Included in Your Training

  • Realistic mobile app datasets Work hands-on with data based on practical forensic scenarios.
  • CTFスタイルのフォレンジック・チャレンジ Apply recovery and validation skills in structured practical exercises.
  • SQLite internals explained visually Learn headers, pages, freelists, overflow chains, WAL, and SHM step by step.
  • Flexible delivery formats Train on-demand, live online, or onsite depending on your team’s needs.
  • Certificate and 24 CPE credits Receive verifiable completion documentation for professional records.

Ready to explore the full training package?

Contact Sales コース概要のダウンロード
コース内容

Training Modules

A practical, structured course covering SQLite fundamentals, database internals, deleted data recovery, and WAL/SHM analysis.

01 SQLiteフォレンジック入門 +
  • PLリストとXMLファイルを理解する
  • base64エンコードされたデータを扱う
  • Introduction to SQLite databases
  • プロトコル・バッファの概要
  • B-Treeフォーマットの探求
  • クイズ+実技付き
02 SQLiteデータベースの構造 +
  • The database header
  • Page headers
  • Variable-length integers, or VarInts
  • Manual record parsing
  • フリーブロックと断片化
  • Freelist pages and deleted data
  • Overflow pages and large record chains
  • クイズ+実技付き
03 SQLiteデータベースの作成と操作 +
  • Creating tables and schema
  • Inserting and adding records
  • Running and analyzing SQL statements
  • Deleting records and forensic implications
  • クイズ+実技付き
04 データベースの再構築と復旧 +
  • Case study introduction
  • Structural analysis of SQLite files
  • Freeblock recovery techniques
  • Rebuilding freelist trunk pages
  • Recreating interior table leaf pages
  • Finalizing reconstruction
  • クイズ+実技付き
05 WAL & SHM Analysis +
  • SQLiteがWALとSHMを使う理由
  • Dissecting the WAL file
  • Understanding SHM and page frame mapping
  • Visualizing WAL growth over time
  • Forensic use of WAL/SHM in investigations
  • クイズ+実技付き
Also Included

その他含まれるもの

The course is designed to support practical learning, repeatable workflows, and defensible forensic analysis.

Interactive CTF Challenges Work through realistic forensic puzzles using mobile app data.
SQLite Visualizer Software Training packages include SQLite Visualizer Basic or Advanced.
Downloadable Labs Practice with deleted, fragmented, and overflowed SQLite content.
Expert Guidance Instructor support and guidance for course-related questions.
Flexible Access Choose on-demand, live online, or onsite delivery formats.
Certificate + CPE Receive a certificate of completion and 24 CPE credits.

Need help choosing the right training format?

Ask for a Recommendation View Training Catalog
対象者 - 認定SQLiteフォレンジックコース
Who It’s For

Built for Digital Forensic Professionals

This course is designed for investigators and analysts who need to go beyond standard tool output and interpret SQLite evidence with confidence, precision, and defensibility.

特に、以下のような場合に価値がある:

  • Work with mobile app data Analyze SQLite evidence from iOS, Android, and other app-based sources.
  • Need to validate tool output Understand what commercial tools found — and what they may have missed.
  • Investigate unsupported apps Build confidence working with databases that are not fully parsed by existing tools.
  • Recover deleted or hidden evidence Extract deleted records, freelist content, overflow data, WAL activity, and fragments.
  • Prepare reports or expert opinions Explain database artifacts clearly for review, reporting, testimony, or court.
  • Want structured, expert-led training Learn SQLite forensics through a practical workflow rather than isolated theory.
コーディングやスクリプトは必要ありません。

The course is designed for investigators — not developers. Techniques are visual, practical, and explained step by step.

Want to see the full course outline?

コース概要のダウンロード Contact Sales
Why It’s Different

Practical, Visual, and Case-Focused

This course is built to develop real forensic capability. You’ll work hands-on with realistic data, solve investigative challenges, and learn how SQLite behaves in real cases.

CTF-Style Challenges Solve forensic puzzles, decode structures, and uncover hidden SQLite evidence.
SQLite Visualizer Included Use visual workflows to examine pages, records, WAL activity, and deleted data.
Step-by-Step Recovery Labs Practice recovery from freelist pages, overflow chains, WAL frames, and fragments.
Realistic Datasets Train with instructor-created examples based on modern apps and case scenarios.
Tool-Agnostic Skills Use your existing tools while learning how to validate and explain the underlying data.
SQLite Internals Master B-Trees, VarInts, serial types, freelists, overflow pages, WAL and SHM.
Premium Packages
Available as software + training bundles.

Choose On-Demand + Basic, On-Demand + Advanced, Live Online + Advanced, or Onsite + Advanced depending on your workflow and team size.

Not sure which training format fits your team?

Ask for a Recommendation View Curriculum
講師 - 認定SQLiteフォレンジック
インストラクター

Learn From James Eichbaum

James Eichbaum is a seasoned digital forensics instructor and practitioner with deep expertise in mobile forensics, SQLite analysis, and real-world investigative workflows.

Over the past 17+ years, James has trained thousands of professionals in more than 30 countries, with a consistent focus on practical skills, investigative accuracy, and defensible forensic interpretation.

He has led advanced forensic training programs for law enforcement, defense, and private sector teams worldwide, including national police agencies and forensic labs.

In this certified course, James guides you step by step through SQLite internals — from page structures and WAL files to deleted data recovery and validation — using structured labs, realistic app data, and CTF-style challenges.

LinkedInでジェームスとつながる
キャリアハイライト
  • 17+ years teaching digital and mobile forensics
  • 元MSABグローバル・トレーニング・マネージャー
  • カリフォルニア州P.O.S.T.公認インストラクター
  • Former Detective, Sacramento Valley High Tech Crimes Task Force
  • Former Special Deputy U.S. Marshal, FBI Cyber Crimes Task Force
  • HTCIA「ケース・オブ・ザ・イヤー」受賞

Want to review the full curriculum or discuss training options?

View Curriculum Contact Sales
Certified SQLite Forensics

Practical Training for Real Casework

Built around real-world forensic problems, practical recovery methods, and clear interpretation of SQLite evidence.

James Eichbaum — digital forensics instructor teaching SQLite analysis to investigators
17+ Years teaching forensics
30+ Countries trained
24 CPE credits included
トレーニング・アプローチ

The course is designed to make complex SQLite structures easier to understand, validate, and explain — without requiring coding or scripting experience.

トレーニングオプション - 認定SQLiteフォレンジック

トレーニング形式の選択

Choose the training format that fits your workflow. Each option includes Certified SQLite Forensics training and a SQLite Visualizer license.

オンデマンド Self-paced

On-Demand + Basic

Certified self-paced training with Basic software

€1,490
$1,750 · CAD $2,400
参加者1名につき
  • Certified SQLite Forensics training
  • SQLite Visualizer Basic included
  • Online learning platform access
  • Hands-on labs & CTF-style challenges
  • Updates, support & onboarding
  • Certificate + 24 CPE credits
Best for self-paced training
with Basic software.
Contact Sales
オンデマンド Self-paced

On-Demand + Advanced

Certified self-paced training with Advanced software

€1,950
$2,300 · CAD $3,125
参加者1名につき
  • Certified SQLite Forensics training
  • SQLite Visualizer Advanced included
  • LevelDB Viewer included
  • Online learning platform access
  • Hands-on labs & CTF-style challenges
  • Certificate + 24 CPE credits
Best for advanced analysis
and self-paced training.
Contact Sales
ライブ・オンライン Instructor-led

Live Online + Advanced

Certified instructor-led remote training for teams

€2,290
参加者1名につき
Available for groups of 3+
  • Certified SQLite Forensics training
  • Instructor-led live online delivery
  • SQLite Visualizer Advanced included
  • LevelDB Viewer included
  • Real-time Q&A and guided labs
  • Certificate + 24 CPE credits
Best for teams that want
guided remote training.
Contact Sales
Onsite In-person

Onsite + Advanced

Certified in-person training for teams

From €3,890
参加者1名につき
Available for groups of 5+
  • Certified SQLite Forensics training
  • Onsite instructor-led delivery
  • SQLite Visualizer Advanced included
  • LevelDB Viewer included
  • Delivered at your location or partner-hosted venue
  • Certificate + 24 CPE credits
Best for larger teams
and partner-hosted training.
Contact Sales
Planning to train your whole team? We can help you choose the right training format based on group size, delivery preference, and software needs.
Get in touch for training options ⟶
認定資格 - 認定SQLiteフォレンジック
認証

Certificate + 24 CPE Credits

Participants receive verifiable completion documentation designed for professional records, internal reporting, audits, and continuing education requirements.

修了証書 A signed, verifiable certificate confirming successful completion of the Certified SQLite Forensics Course.
24 CPE Credits Supports continuing education requirements for forensic, cyber, and investigative professionals.
安全で検証可能 Each certificate is individually issued with identifying details suitable for documentation and audit purposes.
世界との関連性 Designed for investigators and forensic teams working across law enforcement, corporate, and private sectors.
Professional Record
Built for defensible professional development.

The course is designed to support practical skills, formal training records, and repeatable forensic workflows that can be explained clearly.

Need confirmation about certification or CPE documentation?

Ask About Certification View Training Catalog
Full Course Track

What You’ll Gain From the Full Course

A deep, practical training track for professionals who work with mobile extractions, forensic tools, app databases, and SQLite-based evidence.

Course Focus

Over three packed days — or through the self-paced format — you learn how to read, interpret, recover, and validate data directly from raw SQLite structures.

The training combines guided explanation with hands-on practice using realistic datasets, deleted records, freelist recovery, overflow content, WAL/SHM interpretation, and CTF-style forensic challenges.

The Full Course Includes

  • WALおよびSHMファイルの手動デコード
  • フリーリスト・チェーンと未割り当てページからの回復
  • 現実的なデータセットを使用したケースベースの演習
  • SQLite Visualizer software included in Premium packages
  • CTF-style challenges designed for forensic use
  • 24CPE単位と検証可能な証明書
Premium Packages
Available as software + training bundles.

Choose On-Demand + Basic, On-Demand + Advanced, Live Online + Advanced, or Onsite + Advanced depending on your workflow and team size.

Want help choosing the right training package?

Ask for a Recommendation 全カリキュラムを見る
FAQ - 認定SQLiteフォレンジック
よくあるご質問

よくある質問

Answers to common questions about course format, access, certification, tools, labs, and Premium software + training bundles.

01 全コースを修了するのにかかる時間は? +

ライブだ: インストラクターによるセッション、ラボ、インタラクティブなケーススタディなど、丸3日間にわたって行われる。

オンデマンド Same core content, but self-paced. Access terms may vary by package and delivery format.

02 Is the training updated for 2026? +

Yes — the course content is updated for 2026 and reflects current SQLite forensic workflows, modern app data, WAL/SHM analysis, and practical recovery scenarios.

03 チームや機関全体のトレーニングに適しているか? +

Yes. Live Online training is available for groups of 3+, and Onsite training is available for groups of 5+. We can help recommend the right package based on team size and delivery preference.

04 データベースの経験は必要ですか? +

No prior database expertise is required. The course starts from the ground up and explains SQLite internals visually, with practical labs and forensic use cases throughout.

05 どのようなラボが含まれますか? +

Labs include parsing deleted records, rebuilding overflow chains, exploring WAL/SHM files, recovering fragmented content, and solving scenario-based challenges using realistic forensic datasets.

06 このコースは誰が教えているのですか? +

The course is taught by James Eichbaum, a digital forensics instructor and practitioner with 17+ years of experience training law enforcement, forensic examiners, DFIR consultants, and investigative teams worldwide.

07 What if I use tools like Magnet, Cellebrite, Oxygen, or MSAB? +

This course complements commercial forensic platforms. You learn how to validate tool output, investigate unsupported apps, and understand SQLite evidence beneath automated parsing results.

08 証明書は認められていますか? +

Participants receive a verifiable certificate of completion with 24 CPE credits. It is designed for professional records, internal documentation, audits, and continuing education tracking.

09 コース中に質問やサポートを受けることはできますか? +

Yes. Live participants can ask questions during sessions. On-Demand participants receive support according to their package and access terms.

10 これを実際の捜査に生かせるだろうか? +

Yes. The course is built around realistic app data, practical recovery workflows, and forensic scenarios that map directly to mobile and application database investigations.

11 コースにはCTFスタイルの課題はありますか? +

Yes. You work through CTF-style forensic challenges designed to reinforce technical SQLite concepts with practical investigation scenarios and realistic datasets.

12 Do I get access to SQLite Visualizer? +

Yes. Premium software + training bundles include SQLite Visualizer Basic or Advanced, depending on the selected package. Advanced packages also include LevelDB Viewer.

13 What training package options are available? +

There are four Premium software + training bundle options: On-Demand + Basic, On-Demand + Advanced, Live Online + Advanced, and Onsite + Advanced.

14 コースの技術的なレベルは? +

It is a deep forensic course, but it is designed to be accessible. You go into SQLite internals such as WAL, B-Trees, VarInts, freelists, and overflow pages, with visual explanations and practical labs.

15 どのようなデータセットを扱うのですか? +

The labs use realistic app databases involving messaging, location, application activity, deleted records, WAL activity, fragmented content, and unsupported or partially parsed app data.

16 このコースは専門家レベルの練習生に適していますか? +

Yes. Experienced examiners, trainers, and tool specialists use the course to deepen their understanding of SQLite internals, deleted data recovery, and validation workflows.

17 WALとSHM分析は含まれていますか? +

Yes. WAL and SHM analysis are core parts of the course, including how to interpret database changes, reconstruct timelines, and identify data not present in the main database file.

18 トレーニングはベンダーに依存しないのか? +

Yes. The course focuses on SQLite forensic principles and validation methods that apply regardless of which forensic platform you use.

19 What background is recommended? +

Some experience in digital forensics, mobile analysis, DFIR, or investigative work is helpful. Coding, scripting, or prior database training is not required.

20 この知識をモバイル・フォレンジック以外の分野に応用できますか? +

Yes. SQLite is used in desktop applications, IoT devices, browsers, cloud sync tools, and many other systems. The recovery and validation skills apply anywhere SQLite appears.

Still have questions about the course, certification, or package options?

質問する View Training Catalog

プロフェッショナルの声

アキラ・H

デジタル犯罪アナリスト
⭐️⭐️⭐️⭐️⭐️
このコースは期待以上のものでした。WAL/SHMの構造や手作業による復旧ワークフローの説明は、実際の調査でツールの限界に挑戦する自信を与えてくれました。

レナータ・S

モバイル・フォレンジック・コンサルタント
⭐️⭐️⭐️⭐️⭐️
これまで多くのトレーニングを受けてきましたが、これほど没頭できて実践的なトレーニングはありませんでした。ハンズオン・ラボ、CTF、SQLite内部の組み合わせは、Androidアプリのデータを扱う私の仕事にとって信じられないほど価値のあるものでした。

イェルーン・V.

サイバー犯罪捜査官
⭐️⭐️⭐️⭐️⭐️
フリーリストのページを手動で再構築し、バリントを解読することで、トレーニングのわずか数週間後に事件を解決することができました。ジェームスは、複雑なトピックを明確かつ実践的に説明する稀有な能力を持っています。

SQLite Visualizer.
Visualize, Decode, Explore. All-in-One SQLite Analysis Suite.

SQLite Visualizer was developed to enhance the way forensic professionals interact with SQLite data, both during training and in real investigations. This forensic suite was originally designed specifically for this course to complement the techniques you’ll learn and make advanced database analysis more accessible and efficient.

このスイートは、デコード、可視化、解釈を1つのインターフェイスにまとめました。WALファイル、バリント、オーバーフローページ、構造化レコードを扱うプロセスを簡素化し、複雑なモバイルアプリのデータをより明確に把握できるようにします。

SQLite Forensicsコースでは、ラボや実世界のシナリオでコース全体を通してこのツールを使用し、コース終了後もこのツールを保管します。アプリのデータを調査したり、削除されたレコードを復元したり、調査結果を正確に検証したりする際に頼りになるリソースです。

This reflects our belief that effective training should leave you with practical skills and the tools and methods to apply them right away.

さらに詳しく
ED SQLite Visualizer — forensic SQLite analysis tool showing database structure, WAL frames and deleted record recovery
SQLITEフォレンジック
Mobile Forensics 2026

Why SQLite Still Matters in Mobile Forensics

SQLite remains the backbone of mobile app storage, powering everything from chat histories and location logs to app settings, cached media, and application artifacts.

Tools extract the data. SQLite knowledge explains it.

While forensic tools handle basic extraction well, they often stop short of revealing what is stored deeper inside database internals such as Write-Ahead Logs, overflow chains, freelists, or custom schemas unique to each app.

As mobile software evolves rapidly, examiners increasingly face situations where data is only partially decoded, misinterpreted, or missed altogether. Understanding the inner workings of SQLite has become essential for reliable mobile analysis.

This course was built with that reality in mind. You’ll learn how to break down SQLite at the structural level, recover data manually, interpret how records are organized, and spot patterns or anomalies that tools alone may not explain.

Practical outcome More control in complex or time-critical mobile investigations.
お問い合わせ

Related content

MacBookとApple PencilでiPadに表示されたロックされたApple Notesを解読するフォレンジック・ガイド

ガイドiOS 16.xでApple Notesを復号化する

この集中的なウォークスルーは、iOS 16.xデバイスから暗号化されたApple Notesを抽出するための明確で実践的なテクニックを調査者に提供します。デフォルトのツール出力を超えるように設計された実践的なステップバイステップのプロセスに従うことで、複雑なケースを効果的に処理するための洞察力と自信を得ることができます。

続きを読む
VarInt decoding example showing variable-length integer parsing for SQLite forensic analysis

VarInt電卓

VarInts を手動で解読することは、特に一貫性のないデータベースや見慣れないデータベースを操作する場合、フォレンジックプロセスのボトルネックになる可能性があります。このツールは解釈をスピードアップし、より深い分析に集中できるようにします。このツールは無料で使用でき、SQLite の内部を実際に操作する調査員向けに作られています。

続きを読む
Elusive Data SQLite Visualizer tool — digital forensics database analysis software

ついに。アプリデータの全体像を明らかにするオールインワンSQLiteフォレンジックプラットフォーム。

SQLiteVisualizer unifies visual exploration, decoding, SQL analysis, and deleted-data recovery into one seamless workflow. No exports, no tool switching, no lost context.

続きを読む
Protocol Buffers varint decoding in Python for digital forensics analysis

Blog: Protocol Buffers for Forensic Examiners: The Varint Trap

This article shows how protobuf varints differ from SQLite varints and why that distinction matters in mobile forensics. It includes a full hands-on walkthrough of decoding a protobuf blob, extracting fields, and decrypting the final message.

続きを読む
Pythonコード入りノートパソコンとスクリプト調査用フォレンジック機器

Course: Advanced, certified Python for mobile forensics

A transformative, certified program designed to take digital forensic professionals from basic experience to confident Python proficiency. Newly updated for 2026, this hands-on training teaches you to build your own scripts to extract, parse, and analyze hidden evidence from app data.

続きを読む
Diagram illustrating SQLite overflow page chains used to store large records across multiple database pages

ブログSQLiteオーバーフローページ

1つのSQLiteページが画像やメディアのような大きなコンテンツを保持できない場合、そのデータはオーバーフローページに流出します。このガイドでは、断片化したレコードを手動で復元する方法を説明し、一般的な切り分けツールが見落としがちな証拠を明らかにします。

続きを読む
最新情報

最新情報をお届けします。月刊ニュースレターにご登録ください。

新しいトレーニングの機会、無料ツール、ケースベースのブログ記事、実践的な洞察に関する情報をいち早くお届けします。私たちの月刊ニュースレターは、あなたがより速く学び、よりスマートにケースを解決し、決して立ち止まることのない分野で遅れを取らないようにするために作られています。

ご登録のEメールをご記入ください。

トレーニングのリクエスト

このリクエストに拘束力はありません。ご希望の日程と参加人数をお知らせください。折り返しご連絡させていただきます。

This SQLite forensics training is designed for digital forensics investigators who need to go beyond tool output. You’ll learn to manually parse SQLite database structures including B-tree pages, cell arrays, freelist pages, overflow chains, WAL files, SHM data, VarInt encoding, freeblock recovery, and protocol buffer interpretation. Whether you are investigating mobile device data, app databases, browser artifacts, or cloud-synced SQLite files, the course gives you the skills to extract, validate, and explain SQLite evidence with confidence. SQLite Visualizer is included with training packages to support hands-on analysis throughout the course.

自分のペースで学びたいですか?

オンデマンドで受講可能 →