Sqlite

Moderator: carrier

Postby Gamblestein » Wed Jul 08, 2015 11:55 pm

Greetings,

I was curious if Autopsy allowed reporting of Sqlite databases. I see that it reports browser information which leads me to believe it has some Sqlite parsing capabilities; however, it is unclear to what extent.

Thanks!
Gamblestein
 
Posts: 3
Joined: Wed Jul 08, 2015 11:46 pm

Re: Sqlite

Postby carrier » Fri Jul 10, 2015 1:18 pm

Autopsy doesn't have general purpose SQLite support. It has various modules (mainly in the Android and Recent Activity) that need to parse specific databases to turn them into blackboard artifacts, but that is it. The text from the database will be indexed, but not in a special tabular form.
carrier
 
Posts: 45
Joined: Thu May 15, 2014 3:31 pm

Re: Sqlite

Postby Gamblestein » Sat Aug 15, 2015 2:47 pm

I have created two Modules for Autopsy under a project titled SQLGrab. This was an effort for an NYU digital forensics course. I would like to offer them for public use as a third party module for Autopsy.

The project can be found on GitHub:
https://github.com/gamblestein/SqlGrab

The first module is a content viewer module that creates a SQLite tab. Within this tab it creates subtabs for all tables in a SQLite database with their data. It also creates a deleted text tab with deleted content from the SQLite database.

The second module is a report module that allows the user to query a SQLite database file with custom queries and output them to a CSV file.

Both modules are functional but have plenty of room for hardening and enhancements. I hope to continue work on the modules until a maturity level is reached.
Gamblestein
 
Posts: 3
Joined: Wed Jul 08, 2015 11:46 pm
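
The workflow the post above describes for the report module (a custom query against a SQLite file, written out as CSV), as an added example that is not part of the thread and is not SQLGrab's code. The function names and the sample database are constructed for illustration; the file is opened read-only so the query cannot alter the evidence copy.

```python
import csv
import io
import os
import sqlite3
import tempfile
from pathlib import Path

def open_evidence(path):
    """Open a SQLite file read-only (URI mode=ro); writes are refused."""
    return sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)

def list_tables(conn):
    """Table names from the schema, as a per-table viewer would enumerate them."""
    rows = conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")
    return [r[0] for r in rows]

def query_to_csv(conn, sql, out):
    """Run an examiner-supplied query, write header + rows as CSV, return row count."""
    cur = conn.execute(sql)
    writer = csv.writer(out)
    writer.writerow([d[0] for d in cur.description])
    count = 0
    for row in cur:
        writer.writerow(row)
        count += 1
    return count

def build_sample(path):
    """Constructed sample data standing in for an extracted database file."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT, visits INTEGER)")
    conn.executemany("INSERT INTO urls (url, visits) VALUES (?, ?)",
                     [("https://example.com/a", 3), ("https://example.org/b", 5),
                      ("https://example.net/c", 1)])
    conn.commit()
    conn.close()

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.db")
        build_sample(path)
        conn = open_evidence(path)
        try:
            out = io.StringIO()
            n = query_to_csv(conn, "SELECT url, visits FROM urls "
                                   "WHERE visits > 1 ORDER BY visits DESC", out)
            try:
                conn.execute("DELETE FROM urls")  # must fail on a read-only handle
                blocked = False
            except sqlite3.OperationalError:
                blocked = True
            return list_tables(conn), n, out.getvalue(), blocked
        finally:
            conn.close()

if __name__ == "__main__":
    print(demo())
```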

Re: Sqlite

Postby rpav » Sat Sep 05, 2015 2:09 am

Gamblestein wrote: I have created two Modules for Autopsy under a project titled SQLGrab.

How to add your modules to Autopsy? Are there .nbm (plugin dist) or .jar files?
Thank you for advice, roman
rpav
 
Posts: 4
Joined: Thu Sep 03, 2015 3:39 am
Location: Czech Republic

Re: Sqlite

Postby Gamblestein » Wed Nov 11, 2015 9:16 pm

Roman,

They are an .nbm plugin.

-Gamblestein
Gamblestein
 
Posts: 3
Joined: Wed Jul 08, 2015 11:46 pm

