Thursday, June 28, 2012

PowerShell, SQLite and Google Drive [Oh my]

System Forensics - Powershell, SQLite and Google Drive

"I have been reading a lot about Microsoft’s PowerShell lately because I am trying to automate some tasks at the office. It’s hard to beat their Active Directory modules that are integrated with Windows 7 and Windows Server 2008 R2.

While performing a bit of research I came across this site: http://psqlite.codeplex.com/ It's a module for SQLite and PowerShell. According to the website, it "enables you to use SQLite databases from your PowerShell session by mounting the database as a drive. You can then use the standard provider cmdlets to perform CRUD operations on the database tables and records."

This was interesting for a few reasons. First, and as many of the readers know, SQLite is used a lot and as computer forensic analysts/incident responders we come across SQLite databases quite frequently. Applications such as Google Chrome, Google Drive, Firefox, and Dropbox all use SQLite databases.

I will walk you through the installation of the SQLite PowerShell Provider module, and we will also take a look at some basic examples by extracting information from a SQLite database, which is used by Google’s new cloud storage solution, Google Drive.

..."

CodePlex - SQLite PowerShell Provider

The SQLite PowerShell Provider enables you to use SQLite databases from your PowerShell session by mounting the database as a drive. You can then use the standard provider cmdlets to perform CRUD operations on the database tables and records.

The provider supports both persistent (on-disk) and transient (memory-only) SQLite databases. In addition, the provider is transaction-aware.

For more information and examples, please refer to the User's Guide in the Documentation.


With the recent excitement around SQLite in the Microsoft sphere (with last week's announcement of it being ported/supported on Windows 8 and Windows Phone 8), when I saw this I knew I had to share it. While this post isn't about the Win8 port, it is about how you can use PowerShell to work with your SQLite DBs, which I'm guessing there are going to be a lot of in the coming months.

Is this project active? The SQLite Provider 1.1 (beta) was just released Monday (June 25, 2012)...

With my EDD/ESI hat on, I also liked how this post helped us spelunk the Google Drive SQLite DB.
