## SQLite queries ##
-
- **Browsers**
- Mozilla Firefox *61+*:
- [firefox_places.sql](https://github.com/kacos2000/queries/blob/master/firefox_places.sql)
- [firefox_favicons.sql](https://github.com/kacos2000/queries/blob/master/firefox_favicons.sql)
- [firefox_formhistory.sql](https://github.com/kacos2000/queries/blob/master/firefox_formhistory.sql)
- [firefox_contentprefs.sql](https://github.com/kacos2000/queries/blob/master/firefox_contentprefs.sql)
- Opera *54+*
- [Opera_History.sql](https://github.com/kacos2000/queries/blob/master/Opera_History.sql)
- [Chrome_favicons.sql](https://github.com/kacos2000/queries/blob/master/chrome_favicons.sql) *(works with Opera as well)*
- Chrome *67+*
- [Opera_History.sql](https://github.com/kacos2000/queries/blob/master/Opera_History.sql) *(works with Chrome as well)*
- [Chrome_favicons.sql](https://github.com/kacos2000/queries/blob/master/chrome_favicons.sql)
- **Skype** *(version 7.21 & 7.41 dBs)*
- [skype_main.sql](https://github.com/kacos2000/queries/blob/master/skype_main_db.sql)
Query Skype's *(Classic)* main.db for chats & file transfers.
- [skype_cache_db](https://github.com/kacos2000/queries/blob/master/skype_cache_db.sql)
Query Skype's *(Classic)* both cache_db.db databases found at AppData\Roaming\UserProfile\media_messaging\
- 'emo_cache_v2\asyncdb\cache_db' *(cached Emoticons etc)* &
- 'media_cache_v3\asyncdb\cache_db' *(Cached Sent & Received images)* folders.
- [PowerShell script/sqlite query](https://github.com/kacos2000/queries/blob/master/cache_db.ps1) so that you can view the Hex Blob output
- [Sample Output (csv)](https://github.com/kacos2000/queries/blob/master/cache_db.csv)
- **Google Drive**
- Query Google Drive's [snapshot.db](https://github.com/kacos2000/queries/blob/master/GDrive_snapshot.sql) found at the '\AppData\Local\Google\Drive\user@' folder .
- Query Google Drive's [cloud_graph.db](https://github.com/kacos2000/queries/blob/master/GDrive_cloudgraph.sql) found at the '\AppData\Local\Google\Drive\user@\cloud_graph' folder
- **Android**
- [Android 7 Calllog.db (Call history)](https://github.com/kacos2000/queries/blob/master/calllog_db.sql)
- [Android 7 Contacts2.db (Contacts)](https://github.com/kacos2000/queries/blob/master/contacts2.sql)
- [Android 9 Contacts2.db (Call history)](https://github.com/kacos2000/queries/blob/master/contacts2calls.sql)
- [Android logs.db (Samsung Calls/messages)](https://github.com/kacos2000/queries/blob/master/logs_db.sql)
- **IOS**
- [IOS 'Accounts3.sqlite' (Accounts)](https://github.com/kacos2000/queries/blob/master/Accounts3_sqlite.sql)
- [IOS 'calendar.sqlitedb' (Calendar)](https://github.com/kacos2000/queries/blob/master/calendar_sqlitedb.sql)
- [IOS 'Extras.db' (Calendar)](https://github.com/kacos2000/queries/blob/master/calendar_extras.sql)
- [IOS 'AddressBook.sqlitedb' (AddressBook)](https://github.com/kacos2000/queries/blob/master/AddressBook_sqlite.sql)
- [IOS 'AddressBookImages.sqlitedb' (AddressBook Images)](https://github.com/kacos2000/queries/blob/master/AddressBookImages_sqlite.sql)
- [IOS 11 'Photos.sqlite'](https://github.com/kacos2000/queries/blob/master/Photos_sqlite11.sql)
- [IOS 7+ 'Photos.sqlite'](https://github.com/kacos2000/queries/blob/master/Photos_sqlite.sql)
- [IOS 3 'Photos.sqlite'](https://github.com/kacos2000/queries/blob/master/Photos_sqlite3.sql)
- [IOS 'iPhotoLite.db'](https://github.com/kacos2000/queries/blob/master/iPhotoLitedb.sql)
- [IOS 'healthdb.sqlite'](https://github.com/kacos2000/queries/blob/master/healthdb.sql)
- [IOS 'healthdb_secure.sqlite'](https://github.com/kacos2000/queries/blob/master/healthdb_secure.sql)
- [IOS 'knowledgec.db'](https://github.com/kacos2000/queries/blob/master/knowledgec_db.sql)
- [IOS 'notes.sqlite'](https://github.com/kacos2000/queries/blob/master/notes_sqlite.sql)
- [IOS 'Recents' db (Mail)](https://github.com/kacos2000/queries/blob/master/recents.sql)
- [IOS 'sms.db' (SMS/iMessages)](https://github.com/kacos2000/queries/blob/master/sms_db.sql)
- [IOS 'callhistory.storedata' (Call history)](https://github.com/kacos2000/queries/blob/master/callhistory_storedata.sql)
- [Hike Sticker Chat (com.bsb.hike)](https://github.com/kacos2000/queries/blob/master/bsb_hike_messagesDB_sqlite.sql)
- ['contacts.data' (Viber Messages)](https://github.com/kacos2000/queries/blob/master/Viber_Contacts_Data_messages.sql)
- ['ChatStorage.sqlite' (WhatsApp Messages)](https://github.com/kacos2000/queries/blob/master/WhatsApp_Chatstorage_sqlite.sql)
- **Windows 10**
- [Samsung Flow App 'Notifications.db'](https://github.com/kacos2000/queries/blob/master/Samsung_Flow_Notifications_db.sql) - *Note:* dB Files are EFS encrypted
- [Encapsulation.db](https://github.com/kacos2000/Queries/blob/master/Encapsulationdb.sql) found at 'C:\Windows\appcompat\encapsulation\Encapsulation.db'
- **Windows 10 diagnostics stuff**
*from 'C:\ProgramData\Microsoft\Diagnosis\EventTranscript\EventTranscript.db' ([more info here](https://github.com/rathbuna/EventTranscript.db-Research))*
- [List unigue Event Names in the dB](https://github.com/kacos2000/Queries/blob/master/EventTranscript_GetEventNameList.sql)
- *Sample [list (csv)](https://github.com/kacos2000/Queries/blob/master/full_event_names.csv) with 2800+ event names*
- [ClipboardHistory](https://github.com/kacos2000/Queries/blob/master/ClipboardHistory.Service.sql)
- [SoftwareUpdateClientTelemetry](https://github.com/kacos2000/Queries/blob/master/SoftwareUpdateClientTelemetry.sql)
- [Edge & Apps WebHistory](https://github.com/kacos2000/Queries/blob/master/Microsoft.WebBrowser.sql)
- [Virtual Desktop](https://github.com/kacos2000/Queries/blob/master/VirtualDesktop.sql)
- [YourPhone app](https://github.com/kacos2000/Queries/blob/master/MobilityExperience.YourPhone.sql)
- [Windows.Networking](https://github.com/kacos2000/Queries/blob/master/Windows.Networking.sql)
- [**NetworkingTriage**](https://github.com/kacos2000/Queries/blob/master/NetworkingTriage.sql) *(includes info from Windows.Networking)*
- [**AppInteractivity + AppInteractivitySummary**](https://github.com/kacos2000/Queries/blob/master/AppInteractivity.sql) *(more info [here](https://www.kroll.com/en/insights/publications/cyber/forensically-unpacking-eventtranscript/forensic-quick-wins-with-eventtranscript))*
- [Device Census (settings)](https://github.com/kacos2000/Queries/blob/master/Census.sql)
- [DxgKrnlTelemetry Client Running Time](https://github.com/kacos2000/Queries/blob/master/ClientRunningTime.sql)
- [AppStateChangeSummary](https://github.com/kacos2000/Queries/blob/master/AppStateChangeSummary.sqll)
- [ProcessLoggingFile & ProcessLoggingRegistry](https://github.com/kacos2000/Queries/blob/master/ProcessLogging.sql)
- [FileSystem NTFS,EXFAT,FAT Mount + Volume Info](https://github.com/kacos2000/Queries/blob/master/FileSystem.Mount.sql)