I am pretty experienced in SQLite forensics, but this book filled some gaps in my skills, increased understanding in some areas, and even answered a question I have had for years when working with SQLite. Got this book around noon, and finished it by that evening.
While much, if not all of the information is found on SQLite.org (as shown in his sourcing at the end of each chapter) the clarity, depth, and real world examples are where you get more than what you pay for with this book. The question of "How do I locate each individual column in hex contained in a cell or freeblock?" had been driving me crazy for years. Within the first 100 pages...boom! Knowledge unlocked! I knew the rowid and payload size were VARINTs... didn't know the VARINTs kept going!
Even in the brief chapter on writing SQL query statements... never knew about INSTR() or GROUP_CONCAT(). Now I have some new stuff to play with.
All in all if you are doing forensic examinations of SQLite this is a book you must have. We will all still use tools to do the bulk recovery, but this will help free you from being dependent to them as you can learn the structures, and how to rebuild, reformat, and report on your work.
- Paperback: 315 pages
- Publisher: Independently published (12 May 2018)
- Language: English
- ISBN-10: 1980293074
- ISBN-13: 978-1980293071
- Product Dimensions: 19 x 1.8 x 23.5 cm
- Boxed-product Weight: 685 g
- Average Customer Review: Be the first to review this item
- Amazon Bestsellers Rank: 134,927 in Books (See Top 100 in Books)