sqbrite

Release 0.17

SQBrite is a data recovery tool for SQLite databases

Homepage PyPI Python

Keywords
databases, forensics, ios, recovery, sqlite
License
MIT
Install
pip install sqbrite==0.17

Documentation

Bring the shine back into your database with SQBrite!

Continuous Integration status Scrutinizer Code Quality Latest Version Download format Supported Python versions

SQBrite is a data recovery/forensics tool for SQLite databases. It uses a Python 3 implementation of the SQLite on-disk file format to recover deleted table rows.

SQBrite's name is inspired by PL Daniels' undark, but is a completely separate implementation.

SQBrite demo terminal recording

Installing SQBrite

SQBrite requires Python 3. To install, simply run:

$ pip3 install --user sqbrite
$ sqbrite --help

Background

SQLite uses a paginated data model in which each database is a collection of same-size pages. There are several kinds of pages, of which one type (B-Tree Table Leaf pages) contains the starting point for actual data belonging to individual table rows.

When a row is deleted by means of a DELETE FROM table (...) statement, the space occupied by that row's data (a record) within the relevant B-Tree Table Leaf page is marked as free and may subsequently be used to store new records or update existing records. However, it is common to see freed space within a page (a freeblock, in SQLite parlance) left alone after rows are deleted. In that case, it *may* be possible to retrieve deleted row data from within the freeblock.

Heuristics

The SQLite file format doesn't keep track of where deleted records start and end within a leaf page's freeblocks. This means that SQBrite needs a mechanism to find out where record headers start. This is achieved through the use of byte-wise regular expressions specific to tables in known databases. These regular expressions and the offset that separates matches from the first byte in a well-formed header are stored in a user-editable YAML file.

SQBrite aims to ship with heuristics for popular SQLite databases, so do send pull requests if you've got good results with your heuristics.

Features

  • Export all records to CSV or reinject "undeleted" records into a copy of the database
  • Extensible heuristics - just add entries to ~/.local/share/sqbrite/sqbrite.yaml!
  • SQBrite can recover records from within active B-tree table leaf pages or from former table-leaf Freelist pages.
  • Heuristics for iOS and Firefox databases

Limitations

  • SQBrite works better when ptrmap pages are present
  • The undelete subcommand may fail when re-inserting deleted rows into a table causes a constraint violation
  • SQBrite cannot recover records deleted with the SQLite secure_delete pragma enabled
  • Recovering data from overflow pages that have become Freelist leaf pages is not currently supported

Acknowledgments

Big thanks to @tobraha for contributing bugfixes in 2022.

Stats

Dependencies
2
Dependent packages
0
Dependent repositories
1
Total releases
4
Latest release
First release
Stars
25
Forks
7
Watchers
3
Contributors
2
Repository size
81.1 KB
SourceRank
7

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

0.17
0.16
0.15
0.10

Contributors

Matt Boyer Tommy Harris


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2022-03-20 10:15:24 UTC

Login to resync this project