

I will be the first to tell you that I know little about forensics compared to most law enforcement or private forensic examiners. One thing that I always found amazing was looking at the result of a forensic acquisition and seeing all of that magical data flowing out from it. Email addresses, phone numbers, usernames, social media, images, the list goes on and on. This always struck me as a place where OSINT could be applied as a follow-on to try to expand your knowledge of the acquired device and the owner. So I reached out to a few forensics gurus (thanks Shafik Punja and Jacques Boucher) to ask them where there is a good source of forensic information on a hard drive that I could use to begin querying online services for additional information. Jacques was kind enough to point out that the Skype database is in SQLite format and was a veritable treasure trove of information.

So what we are going to do in this post is twofold: we will build a Python script that can extract emails from any SQLite database and we will utilize the Full Contact API to perform lookups on the email accounts that we find. The final output of our adventure will be a spreadsheet that contains all of the social media profiles that were discovered.

SQLite is a file-based database system that has many of the great features that most server-based database systems have, all compacted down into a nice tiny little file. The wonderful thing is that Python has built-in support for SQLite so this will make it very easy for us to interface to any SQLite file that we choose.
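As an added illustration of the first half of that plan (this is not the post's own script), the sketch below walks every table and column of a SQLite file with Python's built-in `sqlite3` module and collects anything that looks like an email address, recording where each one was found. The regular expression, the function names and the sample tables are assumptions made for this example; the sample schema is constructed and is not the real Skype layout.

```python
import re
import sqlite3
from urllib.request import pathname2url

# Deliberately simple pattern (an assumption for this example); tune it for your case.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}")

def open_readonly(path):
    """Open an acquired database read-only so queries cannot modify the evidence file."""
    return sqlite3.connect("file:" + pathname2url(path) + "?mode=ro", uri=True)

def extract_emails(conn):
    """Return {email: {(table, column), ...}} for every text or blob cell in the database."""
    hits = {}
    cur = conn.cursor()
    tables = [r[0] for r in cur.execute("SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        quoted = '"' + table.replace('"', '""') + '"'  # table names cannot be bound as parameters
        rows = cur.execute(f"SELECT * FROM {quoted}")
        columns = [d[0] for d in rows.description]
        for row in rows:
            for column, value in zip(columns, row):
                if isinstance(value, bytes):  # blobs often hold XML or chat text
                    value = value.decode("utf-8", errors="ignore")
                if not isinstance(value, str):  # skip NULLs and numbers
                    continue
                for email in EMAIL_RE.findall(value):
                    hits.setdefault(email.lower(), set()).add((table, column))
    return hits

def build_sample_db():
    """Constructed in-memory database used only to exercise extract_emails()."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE contacts (name TEXT, emails TEXT)")
    conn.execute("CREATE TABLE messages (id INTEGER, body BLOB)")
    conn.executemany("INSERT INTO contacts VALUES (?, ?)",
                     [("alice", "Alice@Example.com"), ("carol", None)])
    conn.executemany("INSERT INTO messages VALUES (?, ?)",
                     [(1, b"mail me at alice@example.com."),
                      (2, "Contact <bob@corp.example.org> today")])
    return conn

if __name__ == "__main__":
    for email, places in sorted(extract_emails(build_sample_db()).items()):
        print(email, sorted(places))
```

Keeping the table and column for each hit lets the resulting spreadsheet trace every address back to the artifact it came from.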
