Angular>> Queries>> 返回
项目作者: kacos2000

项目描述 :
SQLite queries
高级语言: TSQL
项目地址: git://github.com/kacos2000/Queries.git
创建时间: 2018-06-14T08:35:50Z
项目社区:https://github.com/kacos2000/Queries
开源协议:Other
下载


SQLite queries

  1.    - **Skype**  *(version 7.21 & 7.41 dBs)*    
  3.        - [skype_main.sql](https://github.com/kacos2000/queries/blob/master/skype_main_db.sql)<br>
  4.          Query Skype's *(Classic)* main.db for chats & file transfers.<br>
  6.        - [skype_cache_db](https://github.com/kacos2000/queries/blob/master/skype_cache_db.sql)<br>
  7.          Query Skype's *(Classic)* both cache_db.db databases found at AppData\Roaming\UserProfile\media_messaging\ <br>
  8.          - 'emo_cache_v2\asyncdb\cache_db'   *(cached Emoticons etc)* & <br> 
  9.          - 'media_cache_v3\asyncdb\cache_db' *(Cached Sent & Received images)* folders.<br>
  11.        - [PowerShell script/sqlite query](https://github.com/kacos2000/queries/blob/master/cache_db.ps1) so that you can view the Hex Blob output<br>
  12.          - [Sample Output (csv)](https://github.com/kacos2000/queries/blob/master/cache_db.csv)<br><br>
  15.   - **Google Drive**   <br>     
  16.        - Query Google Drive's [snapshot.db](https://github.com/kacos2000/queries/blob/master/GDrive_snapshot.sql) found at the '\AppData\Local\Google\Drive\user@' folder  .<br>
  17.        - Query Google Drive's [cloud_graph.db](https://github.com/kacos2000/queries/blob/master/GDrive_cloudgraph.sql) found at the '\AppData\Local\Google\Drive\user@\cloud_graph' folder <br><br>
  19.   - **Android**   <br>     
  20.        - [Android 7 Calllog.db (Call history)](https://github.com/kacos2000/queries/blob/master/calllog_db.sql)<br>
  21.        - [Android 7 Contacts2.db (Contacts)](https://github.com/kacos2000/queries/blob/master/contacts2.sql)<br>
  22.        - [Android 9 Contacts2.db (Call history)](https://github.com/kacos2000/queries/blob/master/contacts2calls.sql)<br>
  23.        - [Android logs.db (Samsung Calls/messages)](https://github.com/kacos2000/queries/blob/master/logs_db.sql)<br><br>
  25.   - **IOS**     <br>     
  26.        - [IOS 'Accounts3.sqlite' (Accounts)](https://github.com/kacos2000/queries/blob/master/Accounts3_sqlite.sql)<br>
  27.        - [IOS 'calendar.sqlitedb' (Calendar)](https://github.com/kacos2000/queries/blob/master/calendar_sqlitedb.sql)<br>
  28.        - [IOS 'Extras.db' (Calendar)](https://github.com/kacos2000/queries/blob/master/calendar_extras.sql)<br>
  29.        - [IOS 'AddressBook.sqlitedb' (AddressBook)](https://github.com/kacos2000/queries/blob/master/AddressBook_sqlite.sql)<br>
  30.        - [IOS 'AddressBookImages.sqlitedb' (AddressBook Images)](https://github.com/kacos2000/queries/blob/master/AddressBookImages_sqlite.sql)<br>
  31.        - [IOS 11 'Photos.sqlite'](https://github.com/kacos2000/queries/blob/master/Photos_sqlite11.sql)<br>
  32.        - [IOS 7+ 'Photos.sqlite'](https://github.com/kacos2000/queries/blob/master/Photos_sqlite.sql)<br>
  33.        - [IOS 3 'Photos.sqlite'](https://github.com/kacos2000/queries/blob/master/Photos_sqlite3.sql)<br>
  34.        - [IOS 'iPhotoLite.db'](https://github.com/kacos2000/queries/blob/master/iPhotoLitedb.sql)<br>
  35.        - [IOS 'healthdb.sqlite'](https://github.com/kacos2000/queries/blob/master/healthdb.sql)<br>
  36.        - [IOS 'healthdb_secure.sqlite'](https://github.com/kacos2000/queries/blob/master/healthdb_secure.sql)<br>
  37.        - [IOS 'knowledgec.db'](https://github.com/kacos2000/queries/blob/master/knowledgec_db.sql)<br>
  38.        - [IOS 'notes.sqlite'](https://github.com/kacos2000/queries/blob/master/notes_sqlite.sql)<br>
  39.        - [IOS 'Recents' db (Mail)](https://github.com/kacos2000/queries/blob/master/recents.sql)<br>
  40.        - [IOS 'sms.db' (SMS/iMessages)](https://github.com/kacos2000/queries/blob/master/sms_db.sql)<br>
  41.        - [IOS 'callhistory.storedata' (Call history)](https://github.com/kacos2000/queries/blob/master/callhistory_storedata.sql)<br> 
  42.        - [Hike Sticker Chat (com.bsb.hike)](https://github.com/kacos2000/queries/blob/master/bsb_hike_messagesDB_sqlite.sql)<br>
  43.        - ['contacts.data' (Viber Messages)](https://github.com/kacos2000/queries/blob/master/Viber_Contacts_Data_messages.sql)<br> 
  44.        - ['ChatStorage.sqlite' (WhatsApp Messages)](https://github.com/kacos2000/queries/blob/master/WhatsApp_Chatstorage_sqlite.sql)<br> 
  46.   - **Windows 10**     <br>        
  47.     - [Samsung Flow App 'Notifications.db'](https://github.com/kacos2000/queries/blob/master/Samsung_Flow_Notifications_db.sql) - *Note:* dB Files are EFS encrypted <br>
  48.     - [Encapsulation.db](https://github.com/kacos2000/Queries/blob/master/Encapsulationdb.sql) found at 'C:\Windows\appcompat\encapsulation\Encapsulation.db' <br> 
  50.   - **Windows 10/11 diagnostics stuff**

from C:\ProgramData\Microsoft\Diagnosis\EventTranscript\EventTranscript.db ‘`()` (more info here)* 

  1.     - [ClipboardHistory](https://github.com/kacos2000/Queries/blob/master/ClipboardHistory.Service.sql) <br>
  2.     - [TaskFlow DataEngine](https://github.com/kacos2000/Queries/blob/master/TaskFlow.sql) <br>
  3.     - [SoftwareUpdateClientTelemetry](https://github.com/kacos2000/Queries/blob/master/SoftwareUpdateClientTelemetry.sql) <br> 
  4.     - [Edge & Apps WebHistory](https://github.com/kacos2000/Queries/blob/master/Microsoft.WebBrowser.sql) <br> 
  5.     - [Virtual Desktop](https://github.com/kacos2000/Queries/blob/master/VirtualDesktop.sql) <br>
  6.     - [YourPhone app](https://github.com/kacos2000/Queries/blob/master/MobilityExperience.YourPhone.sql) <br>
  7.     - [Windows.Networking](https://github.com/kacos2000/Queries/blob/master/Windows.Networking.sql) <br>
  8.     - [**NetworkingTriage**](https://github.com/kacos2000/Queries/blob/master/NetworkingTriage.sql)  *(includes info from Windows.Networking)*<br>
  9.     - [**AppInteractivity + AppInteractivitySummary**](https://github.com/kacos2000/Queries/blob/master/AppInteractivity.sql)  *(more info [here](https://www.kroll.com/en/insights/publications/cyber/forensically-unpacking-eventtranscript/forensic-quick-wins-with-eventtranscript))*<br>
  10.     - [Device Census (settings)](https://github.com/kacos2000/Queries/blob/master/Census.sql) <br>
  11.     - [DxgKrnlTelemetry Client Running Time](https://github.com/kacos2000/Queries/blob/master/ClientRunningTime.sql) <br>
  12.     - [AppStateChangeSummary](https://github.com/kacos2000/Queries/blob/master/AppStateChangeSummary.sql) <br>
  13.     - [ProcessLoggingFile & ProcessLoggingRegistry](https://github.com/kacos2000/Queries/blob/master/ProcessLogging.sql) <br>
  14.     - [FileSystem NTFS,EXFAT,FAT Mount + Volume Info](https://github.com/kacos2000/Queries/blob/master/FileSystem.Mount.sql) <br>
  15.     - [Microsoft.Windows.Inventory.Core.Install](https://github.com/kacos2000/Queries/blob/master/Inventory.sql) *(installation [state](https://docs.microsoft.com/en-us/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709#microsoftwindowsinventorycoreinventoryapplicationadd) for all hardware and software components).* <br>
  16.     - [TextInputSessions](https://github.com/kacos2000/Queries/blob/master/Text-InputSession.sql) <br>
  17.     - [Immersive-Shell](https://github.com/kacos2000/Queries/blob/master/Immersive-Shell.sql) <br>
  18.     - [User Account Control (UAC)](https://github.com/kacos2000/Queries/blob/master/UAC.sql) *(UAC/LUA ConsentUILaunched)*<br>
  19.     - ----------
  20.     - [List unigue Event Names in the dB](https://github.com/kacos2000/Queries/blob/master/EventTranscript_GetEventNameList.sql) <br>
  21.     - *Sample event name lists:* <br> 
  22.        1. [(csv1 with 3400+)](https://github.com/kacos2000/Queries/blob/master/full_event_names_large.csv) names <br> 
  23.        2. [(csv2 with 2800+)](https://github.com/kacos2000/Queries/blob/master/full_event_names.csv) names compiled from <br> 
  24.           2a. [Win10 csv](https://github.com/kacos2000/Queries/blob/master/full_event_names1.csv) & <br> 
  25.           2b. [Win11 csv (VM)](https://github.com/kacos2000/Queries/blob/master/full_event_names2.csv) <br>
  26.     - *[Event Tracing GUID + Provider name list](https://github.com/kacos2000/Queries/blob/master/providers.txt)*  <br> 
  27.     - *(Related event log: 'Microsoft-Windows-UniversalTelemetryClient%4Operational.evtx')*
  28.     - ----------

(*) Adjust settings:
HKLM: SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\EventTranscriptKey

  • DWORD EnableEventTranscript (0: disabled, 1: enabled)
  • DWORD HoursOfHistoryToKeep (in hours)
  • DWORD MaxStoreSize (nr of bytes)
  • DWORD RequestedMaxStoreSize (nr of bytes, same as above)


  1.   - **Windows 11 Search data** *(new 22H2+ SQLite3 dBs)*<br>
  2.     *found at 'C:\ProgramData\Microsoft\Search\Data\Applications\Windows'*<br>
  3.     - [PropertyMap](https://github.com/kacos2000/Queries/blob/master/Win_Search_PropertyMap.sql)
  4.     - [Paths (SystemIndex_1_PropertyStore) query](https://github.com/kacos2000/Queries/blob/master/Win_Search_PropertyStore.sql)
  5.     - [SecurityDescriptor (SecStore.db) query](https://github.com/kacos2000/Queries/blob/master/Win_Search_SecStore.sql)
  6.     - [Paths/Files & Timestamps (Windows-gather.db)](https://github.com/kacos2000/Queries/blob/master/Win_Search_gatherdB.sql)