Epilog (SQLite analysis tool)
epilog (SQLite forensic tool)
Welcome to epilog - a software tool which allows investigators to recover deleted data from the widely-used database format, SQLite.
Without epilog, you could be missing out on potentially valuable evidence.
Without epilog, you could be missing out on valuable evidence
Many devices (whether mobile phones, computers, sat navs or other devices) store data in the SQLite database format.
Data stored in this type of database can provide a huge evidential opportunity for investigators.
Many "off-the-shelf" tools can be used to view the live records in the database, but epilog from CCL-Forensics extracts deleted and de-referenced data from the database files or across a disc image or hex dump.
epilog’s three recovery algorithms can be used on any SQLite database, regardless of the type of data stored. However, epilog signatures can be used to tailor its behaviour towards a particular database. Built in to the initial release of epilog are signatures including:
- Android (SMS, call logs, calendars, address book and others)
- iPhone (SMS, emails, calendar, and others)
- Smartphone third party applications (including Yahoo Messenger, eBuddy chat and others)
- Safari (internet history and cache and others)
- Mozilla (cookies, internet history, form data and others)
- Chrome (internet history)
Why use epilog?
Put simply, it gives you access to more data which could prove crucial in an investigation. SQLite is so widely used that, without epilog, you could be missing out on crucial data. For example, in a recent case handled by CCL-Forensics, epilog recovered and presented nearly 5,000 entries from a smartphone’s web cache, where there were only 400 live (visible) entries.
Watch epilog videos
Watch our series of brief videos to find out more about specific features of epilog. 
Video 2: epilog chat-log recovery
Features
- epilog presents deleted data contained in SQLite databases
- epilog uses three different algorithms in order to recover and rebuild deleted records
- epilog analyses SQLite data recovered records and matches them to a table in the live database files
- epilog works on live and deleted database files, the temporary “journal files” which are generated during a database operation and across a disc image or hex dump
- epilog enables the user to save a single field to file, or batch export multiple “blob” (binary files) fields from the recovered records for further analysis
- epilog allows the user to generate “insert statements” from recovered records in order to facilitate the restoration of deleted records into a live database
- Once purchased, new signatures, updates and bug fixes are provided for the current version of epilog
System requirements
epilog requires the following minimum specifications:Windows XP, Vista or Windows 7.NET version 2.0 local admin priviligesSignature files
The following signature files are available to use with epilog and are available for separate download. Further signature files will be developed over time, and will be made available for free download. Current set of signatures updated: November 8, 2011.
- Android (includes calls, contacts, SMS messages, HTC email messages)
- iPhone - NEW! covering iOS5 (includes calls, contacts, SMS messages, email, third party chat history)
- PC browsers (Artefacts from Chrome, Firefox, Safari)
- and more
Training
Training is provided at CCL-Forensics' laboratory in Warwickshire, UK, at a cost of 250.00 GBP per delegate. On-site training can be provided depending on attendee numbers. Please contact epilog@ccl-forensics.com for more information. Duration of course: 1 day.Download/buy
epilog is available for instant download and a licence key for epilog is available for purchase. Payment is made by credit card using PayPal. Please choose your option below.
Epilog Setup file:
Individual licence:
Provides unlimited use of EPILOG on one nominated computer.
150.00 GBP
Site licence:
Unlimited use of EPILOG for multiple users at a single location
750.00 GBP
