Hi I am trying to write an open source tool to retieve bulk data from unallocated clusters.My focus is on Skype chats (artifacts) but could apply to others apps, too.
This is where I am. By carving hard disks I can get chunk skype chats. >From each chat I can retrieve chatters' name, time of chat, progressive id and others data. The issue I am facing is on how I can identificate a sqlite record if I have miss the database headers? I have retrieved many skype records, but I am not able to define where a record starts and where it ends. I have also crate a sqlite table with few records: strangely fields are not separated by any character. So if you write 'alfa' in the first field and '10' in the 2nd, you will see hex format of record like "alfaA". But the point is (and I am not been able to get it) what separe a record from another? Anyone looking at sqlite db from hex point of view will see that the order and management of record is dinamic and follow fixed rules. I Hope have been clear. Thanks sf -------------------------------- dr. Salvatore Fiorillo (MSc) Information Security Consultant Master of Information Security ECU - Western Australia Certified Information Security Lead Auditor ISO 27001 (ex BS7799) www.theosecurity.com _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
