A new software tool has been developed to extract potentially crucial digital evidence from one of the most widely used computer and mobile phone database formats.

The team of researchers at CCL-Forensics have developed and coded “EPILOG” which aids in the retrieval of deleted data in SQLite databases, for use in criminal investigations.

SQLite is used extensively in mobile phone and smartphone operating systems (including the Apple iPhone) and in a significant number of web browsers and can contain deleted data which is not visible to the end user. EPILOG can recover and present this in a forensically sound manner to enhance a range of prosecution cases from indecent images to activity on a range of mobile phones.

Mark Larson, Forensics Manager at CCL-Forensics says: “Standard forensics tools can only extract SQLite databases from exhibits, and will do nothing to help you interpret their contents. EPILOG can work with both live and deleted databases, and recover both live and deleted data from them.

“This means the amount of potential evidence extracted from a computer or mobile phone is significantly increased, and so is the chance of identifying relevant evidence.

“To give an example, we used EPILOG on an Apple iPhone, where it recovered 32 unique deleted call events and five numbers found nowhere else on the phone. This evidence would not have been recovered without the tool, and could make a difference between success and failure in court”.

For more information, visit www.ccl-forensics.com.