Making complex data simple and compelling
From digital device to digital evidence
Unlock your vehicle's digital evidence potential
Forensic Analysis and Enhancement
Investigating and analyzing financial records
Gain access to the online accounts of deceased loved ones
Clear, precise evidence for a messy world
Expert reports to suit your specific needs
We can locate people anywhere
Stop worrying and learn the truth
Prevent, Detect, Respond To Cyberattacks
First response is crucial. Every minute counts.
The first response is critical to reduce liability
Detection & Removing Spyware Services
Reduce your electronic risk from digital transmittals
Stop criminals in their tracks
Don’t let criminals destroy your life
Find out who you are really talking to
Experienced, Confidential Services
Swift, professional incident response
Complicated cases require compelling digital facts
Find, recover and document digital evidence
Bring solid evidence before a judge
Cases can be investigated using Social Media
Divorce, custody battles, and other
Win the most important battle of your life
Everything you need
Effective Expert Witness in Court
Evidence shows who is telling the truth
Subpoena power yields strong evidence
Digital evidence can build a strong defense
Nowadays recovering deleted records from SQLite databases is a common task during lots of forensic investigations.
Of course, there are a lot of commercial tools that can help an examiner with such recovery, for example, Belkasoft Evidence Center, but it’s always good to have a number of variants to check the results, especially open source ones.
One of such tools is called Undark. It’s an open source SQLite deleted and corrupted data recovery tool, developed by Paul L. Daniels, and can be used both in computer forensics (for example, to recover deleted Chrome browser history) and mobile forensics (for example, to recover deleted SMS messages).
So, what can it do?
It’s important to note that deleted SQLite records can be recovered only if the database has not been fully vacuumed and defragmented. If it is, there is no chance of recovery. What is more, Undark does not differentiate between current and deleted data, you’ll have to check it manually, for example, using Sqliteman.
Using of the tool is quite straightforward:
undark.exe -i source_database.db > output_file.csv
As a result, you’ll get an CSV file with all records stored in the database.
The latest release of the tool is version 0.7 – with floating-point decoding issue fixed by Steven Lee. Both win32 binary and source code can be downloaded here.
Save my name, email, and website in this browser for the next time I comment.