Revision 1 of this article was initially published on Januon Sanderson Forensics Forum. In Revision 2, I have added a small section to highlight the importance of understanding SQLite databases and using SQLite tools in order to analyze the information contained within SQLite database files.

This article is related to running Sanderson SQLite Forensic Toolkit on a Mac OS X system. I apologize in advance for the lengthy read, but please take the time to read everything and understand the concepts. I had to peruse the CrossOver wiki and support areas in order to understand what needed to be accomplished for unsupported applications to work.

Disclaimer: I am not affiliated with either CrossOver, Sanderson Forensics or any other product developer mentioned in this article. The process or steps I describe in this post are not the only way to install Windows applications into CrossOver. This document is not a thorough and complete understanding of the capabilities or limitations of CrossOver. In my case I am using Mac OS 10.10.1 with CrossOver 14.6 in full trial mode.

What is CrossOver (which I refer to as ‘CO’)? This is a software program developed by Codeweavers, which allows Mac and Linux users to run Windows software on a Mac or Linux environment. CO creates a virtual Windows environment for the Windows applications to operate under, without having to have a Windows licence or have a Windows operating system installed.

CrossOver differences versus virtual machines or dual booting:

CrossOver is not free software; the trial version is a 14-day free trial, fully functioning with no restrictions. The cost to buy CrossOver is 59.95 USD with 12 months of email support and upgrades and one free phone support incident. Yes, there are other free emulation environments like Wineskin Winery that can port Windows software to Mac OS X. But I have not had the time to try this yet and am not sure if I will.

Why am I using CrossOver to run my Windows software? I am on my Mac 90% of the time doing things when not in the lab and using Windows machines, and there are times when (on my Mac) I need to run my most often used Windows forensic tools. I thought for those examiners that would like to approach running their tools in this manner (without Parallels or VM Fusion) it might be an option, as virtual machines can be resource hogs.

CrossOver does have support for specific applications that have already been ported and have a pre-configured porting profile (also referred to as a bottle). More than likely, most forensic tools will have to be approached as installed through the ‘Unsupported Application -> Other Application’ process.

Let me digress briefly from the main article to elaborate on the importance of SQLite database analysis. My desire to use CrossOver was a need to use both Oxygen Forensic SQLite Viewer (OFSV) and Sanderson SQLite Forensic Toolkit on a Mac (not in Bootcamp or through a Virtual Machine appliance). Both of these tools are excellent for analyzing SQLite files. There are no Mac OS X equivalents that I am aware of that allow a Mac user the same functionality. Sure, I could use an array of Python scripts custom made (by others), but these scripts only take me so far. To be fair, I am not a coder, so to try and customize the scripts to have the same or similar functionality would be pointless. And besides, I work better in GUI tools than command line. Hence, when I am not on my Windows machines, I am using my Mac and I don’t want to necessarily boot into my Windows to run these tools.

SQLite database files can be found in non-mobile device applications like Skype, Firefox, and Google Chrome Browser, to name a few. Therefore, it is important for a digital forensics examiner to understand how to obtain both live and deleted records from an SQLite database. Most specifically in relation to mobile forensics, SQLite database files are encountered in at least three of the smartphone operating systems already mentioned. The use of SQLite database files has become so widespread that, as a digital forensics examiner, it would be prudent to understand the structure of these files and their associated journaling mechanisms (.journal, .wal files).

For example, the popular WhatsApp third party messaging app (available for iOS, Android and BlackBerry) uses an SQLite database structure to store messaging data in an encrypted format.