Queries

mirror of https://github.com/kacos2000/Queries synced 2024-11-16 06:12:50 +00:00

Go to file

Costas K 86dceffc69 Add files via upload		2021-07-11 15:40:01 +03:00
_config.yml	Set theme jekyll-theme-midnight	2018-08-08 02:45:59 +03:00
Accounts3_sqlite.sql	IOS	2019-06-25 11:54:22 +03:00
AddressBook_sqlite.sql	IOS	2019-06-26 15:29:16 +03:00
AddressBookImages_sqlite.sql	IOS	2019-06-19 10:56:34 +03:00
bsb_hike_messagesDB_sqlite.sql	IOS	2019-06-26 17:00:34 +03:00
cache_db.csv	Update cache_db.csv	2018-08-23 06:27:11 +03:00
cache_db.ps1	Add files via upload	2018-08-23 06:25:42 +03:00
calendar_extras.sql	IOS	2019-06-19 13:15:43 +03:00
calendar_sqlitedb.sql	IOS	2019-06-26 15:25:38 +03:00
callhistory_storedata.sql	IOS	2019-06-18 17:22:10 +03:00
calllog_db.sql	Android 7 - calllog.db Call History	2019-06-06 14:23:06 +03:00
Calls.xml	Magnet Axion 3 custom artifact - Android Call History	2019-06-06 14:24:57 +03:00
chrome_favicons.sql	Add files via upload	2018-08-08 13:36:11 +03:00
ClipboardHistory.Service.sql	Add files via upload	2021-07-10 07:57:19 +03:00
contacts2.sql	Android 7 contacts	2019-06-06 15:59:14 +03:00
contacts2calls.sql	Update contacts2calls.sql	2019-06-05 15:43:58 +03:00
Encapsulationdb.sql	Add files via upload	2021-03-13 02:44:26 +02:00
firefox_contentprefs.sql	Add files via upload	2018-08-08 03:00:32 +03:00
firefox_favicons.sql	Add files via upload	2018-08-08 02:34:05 +03:00
firefox_formhistory.sql	Add files via upload	2018-08-08 02:34:05 +03:00
firefox_places.sql	Add files via upload	2018-08-08 02:34:05 +03:00
full_event_names.csv	Update full_event_names.csv	2021-07-10 12:51:48 +03:00
GDrive_cloudgraph.sql	Google Drive (desktop)	2019-05-11 16:27:06 +03:00
GDrive_snapshot.sql	Google Drive (desktop)	2019-05-11 16:27:06 +03:00
GoogleDrive.xml	Magnet AXIOM 3 Custom Artifact	2019-05-11 16:29:45 +03:00
healthdb_secure.sql	IOS	2019-07-05 15:44:10 +03:00
healthdb_secure.xml	Magnet AXIOM 3 Custom Artifact	2019-07-06 13:08:46 +03:00
healthdb.sql	IOS	2019-06-18 17:22:10 +03:00
iPhotoLitedb.sql	IOS	2019-06-18 17:22:10 +03:00
knowledgec_db.sql	IOS	2019-09-16 22:44:37 +03:00
LICENSE	Update LICENSE	2019-06-21 10:25:28 +03:00
logs_db.sql	Android	2019-07-01 18:53:14 +03:00
logs_db.xml	Magnet AXIOM 3 Custom Artifact	2019-07-06 13:08:46 +03:00
Microsoft.WebBrowser.sql	Add files via upload	2021-07-11 11:00:55 +03:00
MobilityExperience.YourPhone.sql	Add files via upload	2021-07-11 15:40:01 +03:00
notes_sqlite.sql	IOS	2019-06-18 17:32:50 +03:00
Opera_History.sql	Add files via upload	2019-08-04 13:24:39 +03:00
Photos_sqlite3.sql	IOS	2019-06-19 19:19:36 +03:00
Photos_sqlite11.sql	IOS	2019-07-07 14:03:52 +03:00
Photos_sqlite.sql	IOS	2019-07-11 11:53:09 +03:00
Photos.xml	Magnet AXIOM 3 Custom Artifact	2019-07-06 13:08:46 +03:00
README.md	Update README.md	2021-07-11 11:50:45 +03:00
recents.sql	IOS	2019-06-18 17:32:50 +03:00
Samsung_Flow_Notifications_db.sql	Samsung Flow App - Query for Notifications.db (Win10)	2019-07-07 17:39:42 +03:00
skype_cache_db.sql	Update skype_cache_db.sql	2018-08-23 06:28:44 +03:00
skype_main_db.sql	Add files via upload	2018-08-23 20:04:26 +03:00
sms_db.sql	IOS	2019-06-26 15:34:26 +03:00
SoftwareUpdateClientTelemetry.sql	added ApplicableUpdateInfo field	2021-07-11 12:13:04 +03:00
TeraCopy_Windows.sql	Source: stark4n6.com & MagnetForensics	2019-05-11 10:33:00 +03:00
TeraCopy_Windows.xml	Source: stark4n6.com & MagnetForensics	2019-05-11 10:33:00 +03:00
Viber_Contacts_Data_messages.sql	IOS	2019-06-26 17:00:34 +03:00
VirtualDesktop.sql	Add files via upload	2021-07-11 12:08:31 +03:00
WhatsApp_Chatstorage_sqlite.sql	IOS	2019-06-26 20:12:58 +03:00

README.md

SQLite queries

- Browsers
  - Mozilla Firefox 61+:
  - Opera 54+
    - Opera_History.sql
    - Chrome_favicons.sql (works with Opera as well)
  - Chrome 67+
    - Opera_History.sql (works with Chrome as well)
    - Chrome_favicons.sql
- Skype (version 7.21 & 7.41 dBs)
  - skype_main.sql
    Query Skype's (Classic) main.db for chats & file transfers.
  - skype_cache_db
    Query Skype's (Classic) both cache_db.db databases found at AppData\Roaming\UserProfile\media_messaging\
    - 'emo_cache_v2\asyncdb\cache_db' (cached Emoticons etc) &
    - 'media_cache_v3\asyncdb\cache_db' (Cached Sent & Received images) folders.
  - PowerShell script/sqlite query so that you can view the Hex Blob output
    - Sample Output (csv)
- Google Drive
  - Query Google Drive's snapshot.db found at the '\AppData\Local\Google\Drive\user@' folder .
  - Query Google Drive's cloud_graph.db found at the '\AppData\Local\Google\Drive\user@\cloud_graph' folder
- Android
- IOS
- Windows 10
  - Samsung Flow App 'Notifications.db' - Note: dB Files are EFS encrypted
  - Encapsulation.db found at 'C:\Windows\appcompat\encapsulation\Encapsulation.db'
- Windows 10 diagnostics stuff
  from 'C:\ProgramData\Microsoft\Diagnosis\EventTranscript\EventTranscript.db' (more info here)
  - ClipboardHistory
  - SoftwareUpdateClientTelemetry
  - Edge & Apps WebHistory
  - Software Update client telemtry
  - Virtual Desktop