Have you ever needed to create a report from an SQLite database that is not supported by your current forensic tools, or your current forensic tool only supplies a subset of the data? Have you looked at an SQLite database and been frustrated that a date column is displayed as just a string of user unfriendly digits? Would you like to look at a blob field as a picture rather than just see "blob" displayed in the field? Would you like to create a PDF report with just a few columns in a particular order from certain users sorted by a date field? Would you like to do this just using drag and drop and your mouse?

Forensic Browser for SQLite allows you (all without typing a single sql query) to:


Automatically recovered deleted and partial records from DBs and associated journals/WALs
Remove duplicate records if required
Identify multiple previous database states from DBs with WAL files
Break down complex Binary Plist and facebook orca2 blobs and perform queries on resulting data
Perform a simple visual select on some or all of the fields in a table
Perform more complex visual joins on multiple tables
Add groups, aliases and where clauses if required
View the resulting SQL select commands of the above
See the resulting table in a grid form and further sort and filter results
Convert numbers to dates (Unix10/13, Windows 64 bit, NSDate/Chrome, Mac absolute and more)
Find and display pictures in blobs (JPG, PNG, GIF, TIF etc.)
Import pictures held in the file system to associate and display in a query/report
Display a number as meaningful text (sent/received/draft etc.)
Display latitude and longitude fields on a map
Export a selected blob or all blobs in DB to a file
Build and integrate custom extensions
See the hex that relates to as particular record and identify exactly where in a DB/journal/WAL the record comes from
See hex view of blobs
Decode a binary plist stored as a blob
Decode base64 encoded text/data
Choose which columns you want to see in the grid/report
Iteratively go back and modify your SQL if the results are not as expected
Highlight SQL errors if you choose to create queries by hand (no errors if you use the drag and drop visual query designer)
Preview a report with custom headers/footers/formatting
Print the report to a HTML/XLSX/CSV/PDF and save your SQL query with the report
Unicode support
Add different formats for dates and times in individual fields
On the fly Timezone adjustments
Find and review all SQLite databases in a folder structure
Translate IOS backup folder names
Maintain a query history that you can revisit
Provide a case manager for often used queries that you can share between users
Attach and query across multiple databases
Maintain a case log of actions

I have written browser extensions to:

Extract and display the images (attachments) for the Kik messenger stored in external binary plists
Convert Facebook geolocation fields so that the browser can display a map of where a message was sent
Decode Tango messenger base64 encoded message structures
Import downloaded pictures saved with Blackberry messenger on IOS
View the content of the Google Chrome Cache files
Decode the usernames and IP addresses from Skype ChatSync files

Dates and times in databases are rarely stored in human readable format, but rather are normally stored as one of a variety of encoded values, usually a large number. The Forensic Browser allows you to use an alternate display for a numeric field (without cluttering the output grid with extra columns), this display will also be carried through to any report.

A number of applications embed images as blobs within tables (Skype and WhattsApp are two common ones). The Forensic Browser allows the user to display blob fields as pictures (jpg, ico, png, bmp, gif, tif), and again carry through these pictures to any report.

Database designers regularly use numbers to represent different values yes/no male/female sent/received/draft etc. the Forensic Browser allows you to provide custom aliases for numbers in columns and save them for re-use.

This animated gif shows a 10 digit unix epoch date converted to a date/time string, a jpg held in a blob displayed as the users picture/avatar and a numeric "gender" field converted to a pre-entered set of aliases "male, female or unknown".

Creating a report with The Forensic Browser is as simple as choosing what tables and fields you want, convert date formats and press the create report button. Reports can be customised for layout with user defined headers and footers, background colour, landscape or portrait page orientation... Reports can be saved to HTML/XLSX/CSV.

The Forensic Browser can do much more than create a simple report on one table from a database. More complex queries can be designed to amalgamate data from two or more tables (for example you could show the avatar of a Skype user next to each message they authored). Or, as in the example below from the Kik application, join two tables so that the username can be shown next to a message, rather than the user ID. Alternatively, you could create a report showing just the messages between a selection of users from a Skype database, or as in the screen shot below the Skype conversations using the messages table joined with the contacts table to show the avatar image of the author of each message.

Only for V.I.P