论文信息 - Forensic analysis of the Firefox 3 Internet history and recovery of deleted SQLite records

Forensic analysis of the Firefox 3 Internet history and recovery of deleted SQLite records

Firefox 3 uses a new system, based on various SQLite databases, to store Internet history, bookmarks, form field data and cookies. This paper presents the main properties of these databases, what fields are of forensic interest and what information the available tools can extract. It shows that even if records in these databases are deleted, remnants may be found in unallocated disk space, due to the fact that SQLite utilizes temporary transaction files. The paper proposes an algorithm to recover deleted SQLite entries based on known internal record structures. The tool developed can recover deleted history records and the methodology applied in this work can be used with other applications that also employ SQLite databases.

Murilo Tito Pereira

[1] T. Y. Cliff Leung,et al. IBM DB2 Everyplace: a small footprint relational database system , 2001, Proceedings 17th International Conference on Data Engineering.

[2] Grant Allen,et al. The Definitive Guide to SQLite , 2006 .

[3] Sang-Won Lee,et al. Design of flash-based DBMS: an in-page logging approach , 2007, SIGMOD '07.

[4] Anil Nori. Mobile and embedded databases , 2007, SIGMOD '07.

[5] Young-Seok Kim,et al. Adaptive logging for mobile device , 2010, Proc. VLDB Endow..

[6] Je-Min Kim,et al. AndroBench: Benchmarking the Storage Performance of Android-Based Mobile Devices , 2011, ICFCE.

[7] Wei Cao,et al. Report on the first international workshop on flash-based database systems (FlashDB 2011) , 2011, SGMD.

[8] Tei-Wei Kuo,et al. An efficient B-tree layer implementation for flash-memory storage systems , 2007, TECS.

[9] PereiraMurilo Tito. Forensic analysis of the Firefox 3 Internet history and recovery of deleted SQLite records , 2009 .

[10] Sivan Toledo,et al. Algorithms and data structures for flash memories , 2005, CSUR.

[11] Moon Jeung Joe,et al. LGeDBMS: a small DBMS for embedded system with flash memory , 2006, VLDB.

[12] Gerome Miklau,et al. Threats to privacy in the forensic analysis of database systems , 2007, SIGMOD '07.

[13] Sangjin Lee,et al. A recovery method of deleted record for SQLite database , 2011, Personal and Ubiquitous Computing.