Smart devices are packed with personal information and sensitive corporate data.  Most of this information is stored in an insecure fashion utilizing SQLite databases.  Most of the nearly 3 million applications store their data using an insecure method.  This course will exploit the SQLite database and instruct students how sensitive data is stored using insecure methods.  This knowledge is a must for individuals conducting security audits on corporate data or forensic examiniers.  Students will get hands-on experience and practical skills on the following:

- SQLite database framework including the various b-tree and free list pages
- Understanding the database Schema
- Usage of various epoch date & times
- Role of the Write Ahead Log and its data
- Cells and Cell Pointer Arrays
- The "vacuum" mechanism
- Reconstruct application data with free and open source software
- Using SQL queries
- Using phthon to parse SQLite entires
- Using phthon to recover deleted SQLite entries (Mari DeGrazia script)
- Foreign keys and table relationships over multiple tables
- Identify and recover user or corporate data that was thought to have been deleted
- Locate and identify BLOB data that could contain sensitive media or documents

Who should take this course
This course is recommended for those that conduct security audits, digital forensic examiniations or anyone interested in learning how application data is stored and recovered from smart devices.

Student Requirements
Students should be familiar with viewing and working with data in hex and have a basic understanding of the types of data mobile device applications store.  The ability to conduct SQL queries, although not required, will be helpful.