
How to View and analyze SQLite Blob Data?

SQLite is one of the most commonly used database engines in the world. Its source code is in the public domain and can be used for commercial or private purposes. The common data types used in SQLite are NULL, INTEGER, REAL, TEXT and BLOB. Unlike Blob, all the other data types store a particular type of data, whereas the Blob data type stores binary data, typically images, video, audio or even binary executable code. This data type is not specific to SQLite; it is also supported by most other databases.

Why BLOB is so Important?

As discussed above, the Blob data type contains binary data, which is not human-readable. Any data in binary form looks alike to the human eye. Even database managers may have no idea what the blob data contains or how to deal with it. From a forensic investigator's point of view, Blob data may contain crucial evidence regarding digital crime, because most web browsers, Android devices, etc. use SQLite files to store data.

Structure of BLOB Data

Each BLOB data contains two fields, namely type and data.
create table table_name (..., Blob_type, Blob_data)
Each column in a Blob type is meant for different data. The list below describes each column name and the type of data it holds.
  • Text: Holds plain text of data. This excludes NULL values from the database.
  • Data: Specially designed to hold encoded binary data contents. Here, is used to represent NULL values, whereas %25 is used to represent a percent symbol.
  • File: This field contains the filename that points to a particular file on disk.
  • BLOB: This is a reference to a separate BLOB table in the database.

How to View Data from BLOB?

Since a BLOB contains binary data, its contents are very difficult for a human to view and understand. Simple SQL queries can be used to view and analyze BLOB data contents. Let's see how it is possible.
Using the command-line interface of SQLite:
Creating a table with a BLOB column
sqlite> create table blob_test (b_id blob);
sqlite> insert into blob_test values (x'0123456789abcdef0123456789abcdef');
Viewing BLOB contents using SELECT Query
sqlite> select * from blob_test;
?#Egë½-n?#Egë½-n
sqlite> select ''||b_id from blob_test;
?#Egë½-n?#Egë½-n
Here, you can see that the contents are not in a human-readable format. SQLite provides a function, quote(), to view the contents in hex format. Let's see how this query works.
select quote(b_id) from blob_test;
This will give you result as follows:
X'0123456789ABCDEF0123456789ABCDEF'
This is not a reliable method to view and analyze data from a BLOB. The output is still not in a human-readable format. Moreover, the investigator needs to be an expert in database management. To overcome this limitation, an investigator can use a smart tool to view and analyze SQLite BLOB data contents.
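
The manual steps above can also be scripted. The following Python example is added here and is not from the original post or from any tool it mentions: it walks every table, picks out BLOB values with typeof(), and reports the size, a hex preview like the one quote() gives, a SHA-256 hash and a file-type guess from the leading bytes. The function names, the signature list and the sample rows are assumptions constructed for illustration.

```python
import hashlib
import sqlite3

# Leading-byte signatures for a few file types (assumed, illustrative subset).
MAGIC = [(b"\x89PNG\r\n\x1a\n", "png"), (b"\xff\xd8\xff", "jpeg"),
         (b"%PDF-", "pdf"), (b"SQLite format 3\x00", "sqlite")]

def guess_type(data):
    """Return a file-type label based on the blob's leading bytes."""
    for sig, name in MAGIC:
        if data.startswith(sig):
            return name
    return "unknown"

def triage_blobs(conn):
    """Yield a summary per BLOB value; assumes ordinary rowid tables."""
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master "
        "WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        t = '"' + table.replace('"', '""') + '"'
        cols = [r[1] for r in conn.execute(f"PRAGMA table_info({t})")]
        for col in cols:
            c = '"' + col.replace('"', '""') + '"'
            # SQLite types are per value, so filter with typeof(), not the schema.
            query = (f"SELECT rowid, {c} FROM {t} "
                     f"WHERE typeof({c}) = 'blob' ORDER BY rowid")
            for rowid, data in conn.execute(query):
                yield {"table": table, "column": col, "rowid": rowid,
                       "size": len(data), "type": guess_type(data),
                       "sha256": hashlib.sha256(data).hexdigest(),
                       "hex": data[:16].hex()}

def build_sample():
    """Constructed in-memory database standing in for a copy of the evidence."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE blob_test (b_id BLOB)")
    conn.executemany("INSERT INTO blob_test VALUES (?)", [
        (bytes.fromhex("0123456789abcdef0123456789abcdef"),),
        (b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,),   # PNG signature plus padding
        ("plain text, not a blob",),              # stored as TEXT, so skipped
    ])
    return conn

if __name__ == "__main__":
    for row in triage_blobs(build_sample()):
        print(row)
```

For a real file, work on a copy and open it read-only, for example sqlite3.connect("file:copy.db?mode=ro", uri=True), where copy.db is a placeholder name, then pass that connection to triage_blobs.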

Suggested Solution- SQLite Forensics

A smart tool to Explore & Extract SQLite Database files.

Prominent Features of SQLite Forensics tool

Support for BLOB Data Type:
The SQLite forensic tool allows users to preview and analyze tables, structures, byte code, and the multimedia contents from the BLOB data type.
Recovers Deleted Records:
The tool is capable of recovering deleted contents from SQLite files. These deleted items are listed in a separate tab so that the investigator can analyze them easily.
Multiple Views of DB Contents:
Users can view and analyze contents from the SQLite database in tabular form or in hexadecimal form. This helps the investigator analyze the database file in depth.
Recover Associated Journal Files:
The tool is capable of recovering the journal files associated with the SQLite file. This is the backup file for the original data file, so it can be a major source of digital evidence.
Export contents to multiple formats:
The recovered artifacts can be exported and saved in different file formats. The export formats supported by the tool are CSV, PDF and HTML. This enables users to access the collected artifacts on various platforms.

Zora's SQL Tips

Hi! I am Zora Stalin, an IT geek and a passionate learner of technology. Besides my job as an Information Technology Analyst, I love searching for and sharing new things that excite me and help others.
