With the database located, it was opened in Physical Analyzer. A quick peek into the ZKIKMESSAGE table proved to contain lots of meaningful information. In fact, this table may contain MORE information than what is essential to analyzing communication with this application. This particular table holds more than 20 different columns.

To simplify this example, examine just the ZKIKMESSAGE table. ZKIKMESSAGE holds a significant amount of data, but we are interested in just pulling the following information:

•  The User

•  Message Timestamp

•  Content of the Message

•  The Timestamp that the Message was Received

(These are pictured in the screenshot above by rearranging the columns.)

To do this, we can query the particular table within this database to return just the isolated results that we are seeking. In addition, we can display the columns in terms that make sense to us if they are obscure or not altogether self-explanatory in their native form.