Recovering SQLite data from fragmented flash pages

As a small-sized database engine, SQLite is widely used in embedded devices, such as mobile phones and PDAs. Large amounts of sensitive personal data are stored in SQLite. Any unintentional data deletion or unexpected device damage can cause considerable loss to the owners of the data. Therefore, in these cases, it is necessary to be able to recover and extract SQLite data records from the flash memory of portable devices. However, most existing SQLite recovery studies take the database file as the research subject, while it is not possible to acquire an intact database file when the flash memory controller is damaged. This paper presents a new method to recover SQLite data records from fragmented flash pages. Instead of investigating the whole *.db file or the journal file, the suggested method focuses on the analysis of B-Tree leaf page structure, which is the basic storage unit, to locate and extract existing and deleted data records based on the structures of the page header and cells in the leaf page, and then uses the SQLite_master structure to translate hex data records into meaningful SQLite tables. The experimental results show that this new method is effective regardless of which file system is used.

[1]  Jianfeng Ma,et al.  Verifiable Computation over Large Database with Incremental Updates , 2014, IEEE Transactions on Computers.

[2]  Jian Xu,et al.  A metadata-based method for recovering files and file traces from YAFFS2 , 2013, Digit. Investig..

[3]  Dongqing Xie,et al.  Social influence modeling using information theory in mobile social networks , 2017, Inf. Sci..

[4]  Sangjin Lee,et al.  Forensic Analysis of Android Phone Using Ext4 File System Journal Log , 2012 .

[5]  Edgar R. Weippl,et al.  InnoDB database forensics: Enhanced reconstruction of data manipulation queries from redo logs , 2013, Inf. Secur. Tech. Rep..

[6]  Tong Li,et al.  A Homomorphic Network Coding Signature Scheme for Multiple Sources and its Application in IoT , 2018, Secur. Commun. Networks.

[7]  Jin Li,et al.  Secure Deduplication with Efficient and Reliable Convergent Key Management , 2014, IEEE Transactions on Parallel and Distributed Systems.

[8]  Jie Wu,et al.  Dependable Structural Health Monitoring Using Wireless Sensor Networks , 2015, IEEE Transactions on Dependable and Secure Computing.

[9]  C. Klaver,et al.  Windows Mobile advanced forensics , 2010, Digit. Investig..

[10]  Chen Liang,et al.  An end-to-end covert channel via packet dropout for mobile networks , 2018, Int. J. Distributed Sens. Networks.

[11]  Xuan Li,et al.  Centralized Duplicate Removal Video Storage System with Privacy Preservation in IoT , 2018, Sensors.

[12]  Jie Wu,et al.  Quality-Guaranteed Event-Sensitive Data Collection and Monitoring in Vibration Sensor Networks , 2017, IEEE Transactions on Industrial Informatics.

[13]  Chen Liang,et al.  RootAgency: A digital signature-based root privilege management agency for cloud terminal devices , 2018, Inf. Sci..

[14]  Chen Liang,et al.  A root privilege management scheme with revocable authorization for Android devices , 2018, J. Netw. Comput. Appl..

[15]  Ibrahim Baggili,et al.  Forensic analysis of social networking applications on mobile devices , 2012, Digit. Investig..

[16]  Jianfeng Ma,et al.  New Publicly Verifiable Databases with Efficient Updates , 2015, IEEE Transactions on Dependable and Secure Computing.

[17]  Sangjin Lee,et al.  A recovery method of deleted record for SQLite database , 2011, Personal and Ubiquitous Computing.

[18]  Murilo Tito Pereira Forensic analysis of the Firefox 3 Internet history and recovery of deleted SQLite records , 2009, Digit. Investig..

[19]  Yuanzhang Li,et al.  DPPDL: A Dynamic Partial-Parallel Data Layout for Green Video Surveillance Storage , 2018, IEEE Transactions on Circuits and Systems for Video Technology.

[20]  Yuan Xue,et al.  A code protection scheme by process memory relocation for android devices , 2017, Multimedia Tools and Applications.

[21]  Tao Jiang,et al.  Towards secure and reliable cloud storage against data re-outsourcing , 2015, Future Gener. Comput. Syst..

[22]  Xiao Fu,et al.  Recovery of Deleted Record for SQLite3 Database , 2016, 2016 8th International Conference on Intelligent Human-Machine Systems and Cybernetics (IHMSC).

[23]  Qingju Wang,et al.  When Intrusion Detection Meets Blockchain Technology: A Review , 2018, IEEE Access.

[24]  Mark Roeloffs,et al.  Forensic Data Recovery from Flash Memory , 2007 .

[25]  Tan Yu-An,et al.  An extra-parity energy saving data layout for video surveillance , 2018 .

[26]  Siu-Ming Yiu,et al.  Recovery of heavily fragmented JPEG files , 2016, Digit. Investig..

[27]  Darren Quick,et al.  Forensic analysis of the android file system YAFFS2 , 2011 .

[28]  Sangjin Lee,et al.  File Carving for Ext4 File System on Android OS , 2013, Inscrypt 2013.

[29]  Kim-Kwang Raymond Choo,et al.  Hypergraph partitioning for social networks based on information entropy modularity , 2017, J. Netw. Comput. Appl..