To illustrate what the tools are doing with SQLite databases behind the scenes, take a look at this popular chat application and the types of information that were extracted by the commercial tool, Cellebrite, to aid in analysis.

The application was identified as chats/messaging and, as expected, it contains data like messages, timestamps, participants, etc. In addition to these items, these databases can store coordinates, phone numbers, addresses, notes, files, file paths, and more.

While commercial tools may be able to extract and package this information for the analyst in a concise manner, if the tool does not parse the application, the same data can be retrieved by manually querying the original database file, which contains all of it. This is why it is important to understand how to get just the important data from databases if they aren’t being parsed for you.
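The manual approach described above, as an added example that is not from the original page or from any tool it mentions: open a working copy of the database read-only, enumerate its tables, then join messages to participants and convert the stored timestamps. The schema, table and column names, the epoch-millisecond timestamp format, and the sample rows are all constructed assumptions; a real application will differ.

```python
import os, sqlite3, tempfile
from datetime import datetime, timezone

def build_sample_db(path):
    """Constructed stand-in for an unparsed chat database; the schema is hypothetical."""
    con = sqlite3.connect(path)
    con.executescript("""
        CREATE TABLE participants (id INTEGER PRIMARY KEY, display_name TEXT, phone TEXT);
        CREATE TABLE messages (id INTEGER PRIMARY KEY, sender_id INTEGER, body TEXT,
            sent_ms INTEGER, latitude REAL, longitude REAL, attachment_path TEXT);
        INSERT INTO participants VALUES (1, 'Alice', '+15550100'), (2, 'Bob', '+15550101');
        INSERT INTO messages VALUES
            (1, 1, 'Meet at the usual place', 1700000000000, NULL, NULL, NULL),
            (2, 2, 'On my way', 1700000060000, 40.7128, -74.0060, NULL),
            (3, 1, 'Photo attached', 1700000120000, NULL, NULL, 'media/IMG_0001.jpg');
    """)
    con.close()

def open_read_only(path):
    """Open a working copy read-only so queries cannot modify the file."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)

def list_tables(con):
    """With an unknown schema, start by enumerating tables in sqlite_master."""
    sql = "SELECT name FROM sqlite_master WHERE type = 'table' ORDER BY name"
    return [row[0] for row in con.execute(sql)]

def extract_messages(con):
    """Join each message to its sender and convert epoch milliseconds to UTC."""
    sql = """SELECT p.display_name, p.phone, m.body, m.sent_ms,
                    m.latitude, m.longitude, m.attachment_path
             FROM messages AS m JOIN participants AS p ON p.id = m.sender_id
             ORDER BY m.sent_ms"""
    results = []
    for name, phone, body, ms, lat, lon, attachment in con.execute(sql):
        utc = datetime.fromtimestamp(ms / 1000, tz=timezone.utc).isoformat()
        coords = (lat, lon) if lat is not None else None
        results.append({"sender": name, "phone": phone, "body": body, "utc": utc,
                        "coords": coords, "attachment": attachment})
    return results

def demo():
    # Build the constructed database, reopen it read-only, and run both queries.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "chat.db")
        build_sample_db(path)
        con = open_read_only(path)
        try:
            return list_tables(con), extract_messages(con)
        finally:
            con.close()
```

The same two queries can be run unchanged in any SQLite browser; only the timestamp conversion depends on the epoch format the application actually uses.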