Annals of Telecommunications

, Volume 74, Issue 7–8, pp 451–460 | Cite as

Recovering SQLite data from fragmented flash pages

  • Li Zhang
  • Shengang Hao
  • Quanxin ZhangEmail author


As a small-sized database engine, SQLite is widely used in embedded devices, such as mobile phones and PDAs. Large amounts of sensitive personal data are stored in SQLite. Any unintentional data deletion or unexpected device damage can cause considerable loss to the owners of the data. Therefore, in these cases, it is necessary to be able to recover and extract SQLite data records from the flash memory of portable devices. However, most existing SQLite recovery studies take the database file as the research subject, while it is not possible to acquire an intact database file when the flash memory controller is damaged. This paper presents a new method to recover SQLite data records from fragmented flash pages. Instead of investigating the whole *.db file or the journal file, the suggested method focuses on the analysis of B-Tree leaf page structure, which is the basic storage unit, to locate and extract existing and deleted data records based on the structures of the page header and cells in the leaf page, and then uses the SQLite_master structure to translate hex data records into meaningful SQLite tables. The experimental results show that this new method is effective regardless of which file system is used.


Data recovery SQLite database Fragmented flash pages B-Tree leaf page SQLite_master 


Funding information

This work is supported by the National Natural Science Foundation of China (No. 61802210) and the Young Scholar Program of He’nan Education Department of China (No. 2014GGJS-111) and the key scientific research Program of He’nan Education Department of China (No. 17A520048).


  1. 1.
    Jiang T, Chen X, Li J, Wong DS, Ma J, Liu JK (2015) Towards secure and reliable cloud storage against data re-outsourcing. Futur Gener Comput Syst 52:86–94CrossRefGoogle Scholar
  2. 2.
    Li T, Chen W, Tang Y, Yan H (2018) A homomorphic network coding signature scheme for multiple sources and its application in IoT. Secur Commun Netw 2018:1–6. Google Scholar
  3. 3.
    Meng W, Tischhauser E, Wang Q, Wang Y, Han J (2018) When intrusion detection meets Blockchain Technology: a review. IEEE Access 6:10179–10188CrossRefGoogle Scholar
  4. 4.
    Yan H, Li X, Wang Y, Jia C (2018) Centralized duplicate removal video storage system with privacy preservation in IoT. Sensors 18(6):1814CrossRefGoogle Scholar
  5. 5.
    Li J, Chen X, Li M, Li J, Lee P, Lou W (2014) Secure deduplication with efficient and reliable convergent key management. IEEE Trans Parallel Distrib Syst 25(6):1615–1625CrossRefGoogle Scholar
  6. 6.
    Marcel B, Martien D (2007) Forensic data recovery from flash memory. Small Scale Digit Device Forensic J 1(1):1–17Google Scholar
  7. 7.
    Klaver C (2010) Windows Mobile advanced forensics. Digit Investig 6(3–4):147–167CrossRefGoogle Scholar
  8. 8.
    Xue Y, Tan Y-A, Liang C, Li Y, Zheng J, Zhang Q (2018) RootAgency: a digital signature-based root privilege management agency for cloud terminal devices. Inf Sci 444:36–50MathSciNetCrossRefGoogle Scholar
  9. 9.
    Darren Q, Mohammed A (2011) Forensic analysis of the android file system YAFFS2. In: Proceedings of the 9th Australian Digital Forensics Conference, Edith Cowan University, Perth Western Australia, pp 99–109Google Scholar
  10. 10.
    Ming X et al (2013) A metadata-based method for recovering files and file traces from YAFFS2. Digit Investig 10(1):62–72CrossRefGoogle Scholar
  11. 11.
    Sun Z, Zhang Q, Li Y, Tan Y-A (2018) DPPDL: a dynamic partial-parallel data layout for green video surveillance storage. IEEE transactions on circuits and systems for video. Technology 28(1):193–205Google Scholar
  12. 12.
    Yu X, Zhang C, Xue Y, Zhu H, Li Y, Tan Y-A (2018) An extra-parity energy saving data layout for video surveillance. Multimed Tools Appl 77:4563–4583CrossRefGoogle Scholar
  13. 13.
    Noora AM et al (2012) Forensic analysis of social networking applications on mobile devices. Digit Investig 9:24–33CrossRefGoogle Scholar
  14. 14.
    Peng S, Yang A, Cao L, Yu S, Xie D (2016) Social influence modelling using information theory in mobile social networks. Inf Sci 379:146–159CrossRefGoogle Scholar
  15. 15.
    Yang W, Wang G, Bhuiyan MZA, Choo K-KR (2017) Hypergraph partitioning for social networks based on information entropy modularity. J Netw Comput Appl 86:59–71CrossRefGoogle Scholar
  16. 16.
    Bhuiyan MZA, Wang G, Wu J, Cao J, Liu X, Wang T (2017) Dependable structural health monitoring using wireless sensor networks. IEEE Trans Dependable Secure Comput 14(4):363–376CrossRefGoogle Scholar
  17. 17.
    Dohyun K et al (2013) File carving for Ext4 file system on android OS. J Korea Inst Inf Secur Cryptol 23(3):417–429CrossRefGoogle Scholar
  18. 18.
    Tang Y, Fang J, Chow KP, Yiu SM, Xu J, Feng B, Li Q, Han Q (2016) Recovery of heavily fragmented JPEG files. Digit Investig 18:108–116CrossRefGoogle Scholar
  19. 19.
    Bhuiyan MZA, Wu J, Wang G, Chen Z, Chen J, Wang T (2017) Quality-guaranteed event-sensitive data collection and monitoring in vibration sensor networks. IEEE Trans Ind Inf 13(2):572–583CrossRefGoogle Scholar
  20. 20.
    Tan Y-A, Xu X, Liang C, Zhang X, Zhang Q, Li Y (2018) An end-to-end covert channel via packet dropout for mobile networks. Int J Distrib Sens Netw 14(5):1–14CrossRefGoogle Scholar
  21. 21.
    Chen X, Li J, Ma J, Weng J, Lou W (2016) Verifiable computation over large database with incremental updates. IEEE Trans Comput 65(10):3184–3195MathSciNetCrossRefzbMATHGoogle Scholar
  22. 22.
    Chen X, Li J, Huang X, Ma J, Lou W (2015) New publicly verifiable databases with efficient updates. IEEE Trans Dependable Secure Comput 12(5):546–556CrossRefGoogle Scholar
  23. 23.
    Kim D, Park J, Lee K, Lee S (2012) Forensic analysis of android phone using Ext4 file system journal log. In: Hyuk JJ, Park J, Leung V, Wang CL, Shon T (eds) Future information technology, application, and service, application, and service. Springer, Dordrecht, pp 435–446CrossRefGoogle Scholar
  24. 24.
    Frühwirt P, Kieseberg P, Schrittwieser S, Huber M, Weippl E (2013) Innodb database forensics: enhanced reconstruction of data manipulation queries from redo logs. Inf Secur Tech Rep 17(4):227–238CrossRefGoogle Scholar
  25. 25.
    Jeon S, Bang J, Byun K, Lee S (2012) A recovery method of deleted record for SQLite3 database. Pers Ubiquit Comput 16(6):707–715CrossRefGoogle Scholar
  26. 26.
    Liu XP, Fu X, Sun G (2016) Recovery of deleted record for SQLite3 database. In: International conference on intelligent human-machine system & cybernetics. IEEEXplore, pp 183–187Google Scholar
  27. 27.
    Pereira M (2009) Forensic analysis of the Firefox 3 internet history and recovery of deleted SQLite3 records. Digit Investig 5(3–4):93–103CrossRefGoogle Scholar
  28. 28.
    Tan Y-A, Xue Y, Liang C, Zheng J, Zhang Q, Zheng J, Li Y (2018) A root privilege management scheme with revocable authorization for android devices. J Netw Comput Appl 107(4):69–82CrossRefGoogle Scholar
  29. 29.
    Zhang X, Tan Y-A, Zhang C, Xue Y, Li Y, Zheng J (2018) A code protection scheme by process memory relocation for android devices. Multimed Tools Appl 77(9):11137–11157CrossRefGoogle Scholar
  30. 30.
    DFRWS. DFRWS-2011-challenge (2011) Accessed 5 May 2013

Copyright information

© Institut Mines-Télécom and Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Department of Electronic InformationZhejiang University of Media and CommunicationsHangzhouPeople’s Republic of China
  2. 2.Department of Computer and Information TechnologyNanyang Normal UniversityNanyangPeople’s Republic of China
  3. 3.School of Computer Science and TechnologyBeijing Institute of TechnologyBeijingPeople’s Republic of China

Personalised recommendations