Initial commit - 611 cybersecurity skills across all subdomains

mukul975
2026-02-25 10:47:44 +01:00
commit 22a7ab1462
1765 changed files with 280648 additions and 0 deletions
@@ -0,0 +1,20 @@
# Standards and References - SQLite Database Forensics
## Standards
- NIST SP 800-86: Guide to Integrating Forensic Techniques
- SQLite File Format Specification: https://www.sqlite.org/fileformat2.html
- SWGDE Best Practices for Mobile Device Forensics
## Tools
- DB Browser for SQLite: Open-source GUI editor
- sqlcipher: Encrypted SQLite database handling
- Belkasoft Evidence Center: Commercial SQLite forensic analysis
- Exponent SQLite Explorer: Forensic SQLite viewer with timestamp auto-detection
- FORC (Forensic Operations for Recognizing SQLite Content): Automated Android extraction
## Key Database Locations
- Chrome History: %LOCALAPPDATA%\Google\Chrome\User Data\Default\History
- Firefox places.sqlite: %APPDATA%\Mozilla\Firefox\Profiles\*.default\places.sqlite
- Android SMS: /data/data/com.android.providers.telephony/databases/mmssms.db
- iOS SMS: /private/var/mobile/Library/SMS/sms.db
- WhatsApp: /data/data/com.whatsapp/databases/msgstore.db
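Review bot: In "Key Database Locations", the Chrome and Firefox entries only match the default profile: the Chrome path hard-codes `Default`, and the Firefox glob `*.default` does not match profile directories that carry a suffix such as `.default-release`. Suggest widening the Firefox glob to `*.default*`, noting that Chrome keeps additional profiles in sibling directories, and adding a line that each listed database may have `-wal`, `-shm` and `-journal` companion files in the same directory, since Workflow 1 tells the analyst to preserve WAL and journal files.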
@@ -0,0 +1,39 @@
# Workflows - SQLite Database Forensics
## Workflow 1: Complete Database Analysis
```
Identify SQLite databases in evidence
|
Create forensic copies (preserve WAL and journal files)
|
Analyze database header (page size, encoding, freelist)
|
Query active tables for evidence
|
Analyze freelist pages for deleted records
|
Parse WAL file for transaction history
|
Examine unallocated space within pages
|
Decode timestamps (Chrome, Unix, Mac Absolute, Mozilla)
|
Document and export findings
```
## Workflow 2: Deleted Record Recovery
```
Open database in hex editor
|
Identify freelist trunk/leaf pages from header
|
Extract raw page data from freelist
|
Parse B-tree cell format to decode records
|
Check WAL for pre-deletion snapshots
|
Examine unallocated space between cell pointers and content area
|
Carve recoverable records
```
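Review bot: Workflow 2 starts at "Open database in hex editor" with no acquisition step, unlike Workflow 1's "Create forensic copies (preserve WAL and journal files)"; add the same copy step at the top so recovery is never performed on the original evidence. Neither workflow records a hash of the database and its WAL/journal files before and after analysis, which belongs next to the copy step. In Workflow 1, "Query active tables for evidence" comes before "Parse WAL file for transaction history": opening a WAL-mode database with an ordinary SQLite client can checkpoint the WAL and change the working copy, so either state that the database is opened read-only (for example through a `file:` URI with `immutable=1`) or move the WAL parsing ahead of the query step.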