Abstract
As a small-sized database engine, SQLite is widely used in embedded devices, such as mobile phones and PDAs. Large amounts of sensitive personal data are stored in SQLite. Any unintentional data deletion or unexpected device damage can cause considerable loss to the owners of the data. Therefore, in these cases, it is necessary to be able to recover and extract SQLite data records from the flash memory of portable devices. However, most existing SQLite recovery studies take the database file as the research subject, while it is not possible to acquire an intact database file when the flash memory controller is damaged. This paper presents a new method to recover SQLite data records from fragmented flash pages. Instead of investigating the whole *.db file or the journal file, the suggested method focuses on the analysis of B-Tree leaf page structure, which is the basic storage unit, to locate and extract existing and deleted data records based on the structures of the page header and cells in the leaf page, and then uses the SQLite_master structure to translate hex data records into meaningful SQLite tables. The experimental results show that this new method is effective regardless of which file system is used.
References
Jiang T, Chen X, Li J, Wong DS, Ma J, Liu JK (2015) Towards secure and reliable cloud storage against data re-outsourcing. Futur Gener Comput Syst 52:86–94
Li T, Chen W, Tang Y, Yan H (2018) A homomorphic network coding signature scheme for multiple sources and its application in IoT. Secur Commun Netw 2018:1–6. https://doi.org/10.1155/2018/9641273
Meng W, Tischhauser E, Wang Q, Wang Y, Han J (2018) When intrusion detection meets Blockchain Technology: a review. IEEE Access 6:10179–10188
Yan H, Li X, Wang Y, Jia C (2018) Centralized duplicate removal video storage system with privacy preservation in IoT. Sensors 18(6):1814
Li J, Chen X, Li M, Li J, Lee P, Lou W (2014) Secure deduplication with efficient and reliable convergent key management. IEEE Trans Parallel Distrib Syst 25(6):1615–1625
Marcel B, Martien D (2007) Forensic data recovery from flash memory. Small Scale Digit Device Forensic J 1(1):1–17
Klaver C (2010) Windows Mobile advanced forensics. Digit Investig 6(3–4):147–167
Xue Y, Tan Y-A, Liang C, Li Y, Zheng J, Zhang Q (2018) RootAgency: a digital signature-based root privilege management agency for cloud terminal devices. Inf Sci 444:36–50
Darren Q, Mohammed A (2011) Forensic analysis of the android file system YAFFS2. In: Proceedings of the 9th Australian Digital Forensics Conference, Edith Cowan University, Perth Western Australia, pp 99–109
Ming X et al (2013) A metadata-based method for recovering files and file traces from YAFFS2. Digit Investig 10(1):62–72
Sun Z, Zhang Q, Li Y, Tan Y-A (2018) DPPDL: a dynamic partial-parallel data layout for green video surveillance storage. IEEE transactions on circuits and systems for video. Technology 28(1):193–205
Yu X, Zhang C, Xue Y, Zhu H, Li Y, Tan Y-A (2018) An extra-parity energy saving data layout for video surveillance. Multimed Tools Appl 77:4563–4583
Noora AM et al (2012) Forensic analysis of social networking applications on mobile devices. Digit Investig 9:24–33
Peng S, Yang A, Cao L, Yu S, Xie D (2016) Social influence modelling using information theory in mobile social networks. Inf Sci 379:146–159
Yang W, Wang G, Bhuiyan MZA, Choo K-KR (2017) Hypergraph partitioning for social networks based on information entropy modularity. J Netw Comput Appl 86:59–71
Bhuiyan MZA, Wang G, Wu J, Cao J, Liu X, Wang T (2017) Dependable structural health monitoring using wireless sensor networks. IEEE Trans Dependable Secure Comput 14(4):363–376
Dohyun K et al (2013) File carving for Ext4 file system on android OS. J Korea Inst Inf Secur Cryptol 23(3):417–429
Tang Y, Fang J, Chow KP, Yiu SM, Xu J, Feng B, Li Q, Han Q (2016) Recovery of heavily fragmented JPEG files. Digit Investig 18:108–116
Bhuiyan MZA, Wu J, Wang G, Chen Z, Chen J, Wang T (2017) Quality-guaranteed event-sensitive data collection and monitoring in vibration sensor networks. IEEE Trans Ind Inf 13(2):572–583
Tan Y-A, Xu X, Liang C, Zhang X, Zhang Q, Li Y (2018) An end-to-end covert channel via packet dropout for mobile networks. Int J Distrib Sens Netw 14(5):1–14
Chen X, Li J, Ma J, Weng J, Lou W (2016) Verifiable computation over large database with incremental updates. IEEE Trans Comput 65(10):3184–3195
Chen X, Li J, Huang X, Ma J, Lou W (2015) New publicly verifiable databases with efficient updates. IEEE Trans Dependable Secure Comput 12(5):546–556
Kim D, Park J, Lee K, Lee S (2012) Forensic analysis of android phone using Ext4 file system journal log. In: Hyuk JJ, Park J, Leung V, Wang CL, Shon T (eds) Future information technology, application, and service, application, and service. Springer, Dordrecht, pp 435–446
Frühwirt P, Kieseberg P, Schrittwieser S, Huber M, Weippl E (2013) Innodb database forensics: enhanced reconstruction of data manipulation queries from redo logs. Inf Secur Tech Rep 17(4):227–238
Jeon S, Bang J, Byun K, Lee S (2012) A recovery method of deleted record for SQLite3 database. Pers Ubiquit Comput 16(6):707–715
Liu XP, Fu X, Sun G (2016) Recovery of deleted record for SQLite3 database. In: International conference on intelligent human-machine system & cybernetics. IEEEXplore, pp 183–187
Pereira M (2009) Forensic analysis of the Firefox 3 internet history and recovery of deleted SQLite3 records. Digit Investig 5(3–4):93–103
Tan Y-A, Xue Y, Liang C, Zheng J, Zhang Q, Zheng J, Li Y (2018) A root privilege management scheme with revocable authorization for android devices. J Netw Comput Appl 107(4):69–82
Zhang X, Tan Y-A, Zhang C, Xue Y, Li Y, Zheng J (2018) A code protection scheme by process memory relocation for android devices. Multimed Tools Appl 77(9):11137–11157
DFRWS. DFRWS-2011-challenge (2011) http://www.dfrws.org/2011/challenge/index.shtml. Accessed 5 May 2013
Funding
This work is supported by the National Natural Science Foundation of China (No. 61802210) and the Young Scholar Program of He’nan Education Department of China (No. 2014GGJS-111) and the key scientific research Program of He’nan Education Department of China (No. 17A520048).
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Zhang, L., Hao, S. & Zhang, Q. Recovering SQLite data from fragmented flash pages. Ann. Telecommun. 74, 451–460 (2019). https://doi.org/10.1007/s12243-019-00707-9
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12243-019-00707-9