• DocumentCode
    1616294
  • Title

    Recovery of SQLite Data Using Expired Indexes

  • Author

    Ramisch, Felix ; Rieger, Martin

  • Author_Institution
    Fac. Comput. Sci., Albstadt-Sigmaringen Univ., Albstadt, Germany
  • fYear
    2015
  • Firstpage
    19
  • Lastpage
    25
  • Abstract
    SQLite databases have tremendous forensic potential. In addition to active data, expired data remain in the database file, if the option secure delete is not applied. Tests of available forensic tools show, that the indexes were not considered, although they may complete the recovery of the table structures. Algorithms for their recovery and combination with each other or with table data are worked out. A new tool, SQLite Index Recovery, was developed for this study. The use with test data and data of Apple Mail shows, that the recovery of indexes is possible and enriches the recovery of ordinary table data.
  • Keywords
    database indexing; digital forensics; relational databases; Apple Mail data; SQLite data recovery; SQLite databases; SQLite index recovery; active data; database file; expired data; forensic tools; table data; table structure recovery; test data; File systems; Forensics; Indexes; Metadata; Oxygen; Postal services; Apple Mail; SQLite; database; expired data; forensic tool; free block; index; recovery;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    IT Security Incident Management & IT Forensics (IMF), 2015 Ninth International Conference on
  • Conference_Location
    Magdeburg
  • Print_ISBN
    978-1-4799-9902-6
  • Type

    conf

  • DOI
    10.1109/IMF.2015.11
  • Filename
    7195803
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=1616294