Conference ProceedingsOPEN ACCESS

A standardized corpus for SQLite database forensics

DFRWS 2018 EU - Proceedings of the 5th Annual DFRWS Europe (2018) S121-S130
DOI: 10.1016/j.diin.2018.01.015
3Citations
Citations of this article
109Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

An increasing number of programs like browsers or smartphone apps are using SQLite3 databases to store application data. In many cases, such data is of high value during a forensic investigation. Therefore, various tools have been developed that claim to support rigorous forensic analysis of SQLite database files, claims that are not supported by appropriate evidence. We present a standardized corpus of SQLite files that can be used to evaluate and benchmark analysis methods and tools. The corpus contains databases which use special features of the SQLite file format or contain potential pitfalls to detect errors in forensic programs. We apply our corpus to a set of six available tools and evaluate their strengths and weaknesses. In particular, we show that none of these tools can reliably handle all corner cases of the SQLite3 format.

Author supplied keywords

Cite

CITATION STYLE

APA

Nemetz, S., Schmitt, S., & Freiling, F. (2018). A standardized corpus for SQLite database forensics. In DFRWS 2018 EU - Proceedings of the 5th Annual DFRWS Europe (pp. S121–S130). Digital Forensic Research Workshop. https://doi.org/10.1016/j.diin.2018.01.015

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free