## SQLite queries ##
- **Browsers**
  - Mozilla Firefox *61+*:
    - [firefox_places.sql](https://github.com/kacos2000/queries/blob/master/firefox_places.sql)
    - [firefox_favicons.sql](https://github.com/kacos2000/queries/blob/master/firefox_favicons.sql)
    - [firefox_formhistory.sql](https://github.com/kacos2000/queries/blob/master/firefox_formhistory.sql)
    - [firefox_contentprefs.sql](https://github.com/kacos2000/queries/blob/master/firefox_contentprefs.sql)
  - Opera *54+*
    - [Opera_History.sql](https://github.com/kacos2000/queries/blob/master/Opera_History.sql)
    - [Chrome_favicons.sql](https://github.com/kacos2000/queries/blob/master/chrome_favicons.sql) *(works with Opera as well)*
  - Chrome *67+*
    - [Opera_History.sql](https://github.com/kacos2000/queries/blob/master/Opera_History.sql) *(works with Chrome as well)*
    - [Chrome_favicons.sql](https://github.com/kacos2000/queries/blob/master/chrome_favicons.sql)
- **Skype** *(version 7.21 & 7.41 dBs)*
  - [skype_main.sql](https://github.com/kacos2000/queries/blob/master/skype_main_db.sql)<br>
    Query Skype's *(Classic)* main.db for chats & file transfers.<br>
  - [skype_cache_db](https://github.com/kacos2000/queries/blob/master/skype_cache_db.sql)<br>
    Query both of Skype's *(Classic)* cache_db.db databases, found at AppData\Roaming\UserProfile\media_messaging\ in the<br>
    - 'emo_cache_v2\asyncdb\cache_db' *(cached Emoticons etc)* &<br>
    - 'media_cache_v3\asyncdb\cache_db' *(Cached Sent & Received images)* folders.<br>
  - [PowerShell script/sqlite query](https://github.com/kacos2000/queries/blob/master/cache_db.ps1) so that you can view the Hex Blob output<br>
  - [Sample Output (csv)](https://github.com/kacos2000/queries/blob/master/cache_db.csv)<br><br>
- **Google Drive**<br>
  - Query Google Drive's [snapshot.db](https://github.com/kacos2000/queries/blob/master/GDrive_snapshot.sql) found at the '\AppData\Local\Google\Drive\user@' folder.<br>
  - Query Google Drive's [cloud_graph.db](https://github.com/kacos2000/queries/blob/master/GDrive_cloudgraph.sql) found at the '\AppData\Local\Google\Drive\user@\cloud_graph' folder<br><br>
- **Android**<br>
  - [Android 7 Calllog.db (Call history)](https://github.com/kacos2000/queries/blob/master/calllog_db.sql)<br>
  - [Android 7 Contacts2.db (Contacts)](https://github.com/kacos2000/queries/blob/master/contacts2.sql)<br>
  - [Android 9 Contacts2.db (Call history)](https://github.com/kacos2000/queries/blob/master/contacts2calls.sql)<br>
  - [Android logs.db (Samsung Calls/messages)](https://github.com/kacos2000/queries/blob/master/logs_db.sql)<br><br>
- **iOS**<br>
  - [iOS 'Accounts3.sqlite' (Accounts)](https://github.com/kacos2000/queries/blob/master/Accounts3_sqlite.sql)<br>
  - [iOS 'calendar.sqlitedb' (Calendar)](https://github.com/kacos2000/queries/blob/master/calendar_sqlitedb.sql)<br>
  - [iOS 'Extras.db' (Calendar)](https://github.com/kacos2000/queries/blob/master/calendar_extras.sql)<br>
  - [iOS 'AddressBook.sqlitedb' (AddressBook)](https://github.com/kacos2000/queries/blob/master/AddressBook_sqlite.sql)<br>
  - [iOS 'AddressBookImages.sqlitedb' (AddressBook Images)](https://github.com/kacos2000/queries/blob/master/AddressBookImages_sqlite.sql)<br>
  - [iOS 11 'Photos.sqlite'](https://github.com/kacos2000/queries/blob/master/Photos_sqlite11.sql)<br>
  - [iOS 7+ 'Photos.sqlite'](https://github.com/kacos2000/queries/blob/master/Photos_sqlite.sql)<br>
  - [iOS 3 'Photos.sqlite'](https://github.com/kacos2000/queries/blob/master/Photos_sqlite3.sql)<br>
  - [iOS 'iPhotoLite.db'](https://github.com/kacos2000/queries/blob/master/iPhotoLitedb.sql)<br>
  - [iOS 'healthdb.sqlite'](https://github.com/kacos2000/queries/blob/master/healthdb.sql)<br>
  - [iOS 'healthdb_secure.sqlite'](https://github.com/kacos2000/queries/blob/master/healthdb_secure.sql)<br>
  - [iOS 'knowledgec.db'](https://github.com/kacos2000/queries/blob/master/knowledgec_db.sql)<br>
  - [iOS 'notes.sqlite'](https://github.com/kacos2000/queries/blob/master/notes_sqlite.sql)<br>
  - [iOS 'Recents' db (Mail)](https://github.com/kacos2000/queries/blob/master/recents.sql)<br>
  - [iOS 'sms.db' (SMS/iMessages)](https://github.com/kacos2000/queries/blob/master/sms_db.sql)<br>
  - [iOS 'callhistory.storedata' (Call history)](https://github.com/kacos2000/queries/blob/master/callhistory_storedata.sql)<br>
  - [Hike Sticker Chat (com.bsb.hike)](https://github.com/kacos2000/queries/blob/master/bsb_hike_messagesDB_sqlite.sql)<br>
  - ['contacts.data' (Viber Messages)](https://github.com/kacos2000/queries/blob/master/Viber_Contacts_Data_messages.sql)<br>
  - ['ChatStorage.sqlite' (WhatsApp Messages)](https://github.com/kacos2000/queries/blob/master/WhatsApp_Chatstorage_sqlite.sql)<br>
- **Windows 10**<br>
  - [Samsung Flow App 'Notifications.db'](https://github.com/kacos2000/queries/blob/master/Samsung_Flow_Notifications_db.sql) - *Note:* dB Files are EFS encrypted<br>
  - [Encapsulation.db](https://github.com/kacos2000/Queries/blob/master/Encapsulationdb.sql) found at 'C:\Windows\appcompat\encapsulation\Encapsulation.db'<br>
- **Windows 10 diagnostics stuff**
  *from 'C:\ProgramData\Microsoft\Diagnosis\EventTranscript\EventTranscript.db' ([more info here](https://github.com/rathbuna/EventTranscript.db-Research))*
  - [ClipboardHistory](https://github.com/kacos2000/Queries/blob/master/ClipboardHistory.Service.sql)<br>
  - [SoftwareUpdateClientTelemetry](https://github.com/kacos2000/Queries/blob/master/SoftwareUpdateClientTelemetry.sql)<br>
  - [Edge & Apps WebHistory](https://github.com/kacos2000/Queries/blob/master/Microsoft.WebBrowser.sql)<br>
  - [Virtual Desktop](https://github.com/kacos2000/Queries/blob/master/VirtualDesktop.sql)<br>
  - [YourPhone app](https://github.com/kacos2000/Queries/blob/master/MobilityExperience.YourPhone.sql)<br>
  - [Windows.Networking](https://github.com/kacos2000/Queries/blob/master/Windows.Networking.sql)<br>
  - [**NetworkingTriage**](https://github.com/kacos2000/Queries/blob/master/NetworkingTriage.sql) *(includes info from Windows.Networking)*<br>
  - [**AppInteractivitySummary**](https://github.com/kacos2000/Queries/blob/master/AppInteractivity.sql) *(more info [here](https://www.kroll.com/en/insights/publications/cyber/forensically-unpacking-eventtranscript/forensic-quick-wins-with-eventtranscript))*<br>