In this session, we will examine artifacts and data from technologies that leverage SQL databases. First, we will analyze various artifacts created by popular versions of SQL, including Microsoft, PostgreSQL, and MySQL. Attendees will learn where these artifacts are located, how to examine them, and how they may be integral to understanding the actions of an attacker. Sometimes the story of the data at rest is more telling than the story of the data in motion.
Second, we will examine the embeddable SQLite and its applications within forensic examinations. Attendees will examine technologies utilizing SQLite databases, including mobile devices and Apple’s OS X. Similar to the first part, attendees will learn how to examine these artifacts and incorporate them into their investigations.