TEELTECH SQLite COMPLETE 5-DAY FORENSICS TRAINING

Our new 5-day SQlite Forensics Training now combines our 3-day SQlite Foundations & 2-Day Advanced SQLite training into one all encompassing class!

Since their initial introduction in 2007, Smartphones have come to dominate the cellular phone marketplace quickly making feature phones nearly obsolete. This domination is split fairly evenly between two major companies: Google with their Android OS and Apple touting their own iOS. Even though both of these companies are business rivals and their file systems are significantly different, both share a commonality in that they both store a majority of their user data within a data storage container type called SQLite. “SQLite is an in-process library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine.”[1] Mobile Forensic Analysts can easily leverage this commonality, by learning the skills required to perform low-level analysis and recovery on SQLite databases. Once learned and mastered, examiners, can then support nearly 99% of the device data they will come across in the majority of their mobile device examinations. To illustrate the vast amount of work to be done, as of January 2015, the Google Play Store reported 1.43 Million Applications being available in its Google Play Store[2]. At the same time, Apple’s iTunes Store reported over 1.4 Million apps currently being available for download. That’s a total of over 2.8 MILLION apps. Even the most popular mobile forensic tool only supports parsing of 200 different applications. This support accounts for a minuscule %001 of the total apps and leaves a 99.999% gap!

silver-apple-logowSQLite
AndroidwSQLite

What Will I Learn?

This class will help examiners close that gap by teaching the students:

  • How SQLite works at the byte-level
  • What are the different types of SQLite data components
  • What are the 5 common locations to recover SQLite data
  • How to perform report data validation
  • How to Reverse Engineer ANY SQLite database
  • Converting and identifying virtually any date format easily
  • Display BLOB data within the forensic tool
  • How to use a tool designed from the ground-up as a forensic tool
  • How to recover data from .SHM, .WAL and .journal files
  • How to generate reports quickly from any SQLite database to include external linked images

 

This IS the future of digital mobile forensics!

Students Receive a Full Version of Sanderson Forensics SQLite Forensic Toolkit Software ($495 value). Students also receive a free six-month license of Andriller software.

Laptop Minimum Requirements

We encourage students to bring their own laptops whenever possible. If this is not possible, please contact us in order to find a solution. If you do plan on bringing your own laptop, please ensure the meet the following requirements.

Laptop Minimum Requirements

  • Windows 7
  • Windows 8.x and 10.x using these instructions (turn off driver sig enforcement)
  • macOS with Bootcamp Windows 7
  • macOS with Bootcamp Windows 8.x and Win 10.x using these instructions
  • macOS alone will not work (No Virtual Machines)
  • 8GB RAM (minimum)
  • 100GB storage (minimum)
  • You must have Admin rights or have the admin password for software installation.
  • NOTE: ALL Windows updates should be done prior to class

Optional

  • Cellebrite P.A. Dongle
  • Encase, FTK, X-Ways Dongle
  • Access to a HEX editor
  • External USB 3.0 Storage Device

Registration

Description TeelTech SQLite Forensics
Date 02.03.2020 – 06.03.2020
20.07.2020 – 24.07.2020
Place Zürich (Uster)
Duration 5 days
Language English
Min. Participants 6
Max. Participants 12
Price CHF 3’950.00 excl. VAT

Important Information! Classes are not confirmed until 30 days prior to course start. Please do not consider an acknowledgement letter or invoice as confirmation that a class will definitely run. Please feel free to contact us to before making travel arrangements, to confirm the class is going forward. A confirmation notice will be issued when a class is confirmed, or a cancellation notice if it will not be held.

Select Training Date
02.03.2020 – 06.03.202020.07.2020 – 24.07.2020

Overview Mobile Forensics Training

 

Description Date Place Registration
Essential Smartphone Forensics 13.01.2020 – 17.01.2020 Zürich (Uster), Switzerland Details
JTAG Forensic Training 20.01.2020 – 24.01.2020 Zürich (Uster), Switzerland Details
ISP Forensic Training 27.01.2020 – 31.01.2020 Zürich (Uster), Switzerland Details
Chip-Off Forensic Training 03.02.2020 – 07.02.2020 Zürich (Uster), Switzerland Details
Advanced Flasher Box Bootloader Training 10.02.2020 – 14.02.2020 Zürich (Uster), Switzerland Details
Embedded Hardware Forensic Training 17.02.2020 – 21.02.2020 Zürich (Uster), Switzerland Details
SQLite Forensics 5-Day Complete 02.03.2020 – 06.03.2020 Zürich (Uster), Switzerland Details
Advanced Flasher Box Bootloader Training (French) 23.03.2020 – 27.03.2020 Delémont, Switzerland Details
Essential Smartphone Forensics 01.06.2020 – 05.06.2020 Zürich (Uster), Switzerland Details
JTAG Forensic Training 08.06.2020 – 12.06.2020 Zürich (Uster), Switzerland Details
ISP Forensic Training 15.06.2020 – 19.06.2020 Zürich (Uster), Switzerland Details
Chip-Off Forensic Training 22.06.2020 – 26.06.2020 Zürich (Uster), Switzerland Details
Advanced Flasher Box Bootloader Training 29.06.2020 – 03.07.2020 Zürich (Uster), Switzerland Details
Embedded Hardware Forensic Training 06.07.2020 – 10.07.2020 Zürich (Uster), Switzerland Details
SQLite Forensics 5-Days Complete 20.07.2020 – 24.07.2020 Zürich (Uster), Switzerland Details

Mehr über unsere Trainings erfahren?