Please select a template

EnCase App Central

Extend the power of EnCase. Access, download and install software apps built by expert EnScript developers that help you get down to business – faster.

Become a Developer

SQLite Blob Extractor

This script is designed to extract BLOB-data from SQLite database files.

The script will work with both records and entries albeit the option to process selected items in the current view will not work with records; tags must be used instead.

A condition can be used to extract only those BLOBs that match the criteria specified by the user.

Regardless of the size set in the condition, empty BLOBs will never be extracted.

The script provides the option to specify the offset and maximum length of data to be extracted from each BLOB.

A BLOB won't be extracted if its length is smaller than the offset specified.

Processing SQLite write-ahead-log (WAL) files will cause the main database file and the WAL file to be extracted to the current case's temporary folder. A GUID will be used to identify the files for each database.

The WAL file will be deleted automatically when the database is closed (this is unavoidable). The main database file will be left behind so the examiner can wipe-delete it should they so wish.

Taking the option to use a flattened output path will cause the script to include only the source file's GUID and name in the output LEF. This may make it easier to perform additional analysis, e.g., property-list parsing.

Settings will be saved for re-use.

Progress can be monitored via the console.

Download Now



Version: 1.2
Tested with:
EnCase Forensic 8.08
Developer: Simon Key
Category: Utility

347 DOWNLOADS

YOU MAY ALSO LIKE

Utility

Volatility Plugin

This EnScript is designed to facilitate easier use of Volatility in EnCase. It can be configured for any number of Volatility plugins and supports multithreading.
By Simon Key
176 Downloads
App
Utility

Registry Viewer Plugin

This script allows the examiner to to use a right-click context-menu-option or keyboard shortcut to view Registry hive files (SYSTEM, SOFTWARE, SECURITY, SAM, NTUSER,DAT, etc.).
By Simon Key
153 Downloads
App
Utility

Run Condition As Filter

This download consists two filters designed to make it easier to locate, edit, and launch conditions from multiple locations. They also make it easier to create modified copies of the conditions that ship with EnCase.
By Simon Key
88 Downloads
App
Utility

View SQLite With WAL Plugin

Allows SQLite database files to be opened in conjunction with any write-ahead log (WAL) file.
By Simon Key
85 Downloads
App