Abstract
- SQLite as a database system is the subject of practically every digital forensic investigation today. When examining SQLite databases, we repeatedly come across BLOB columns, whose content is not immediately obvious. In addition to the well-known binary formats such as image files or PDF documents, we find objects and message fragments that cannot be assigned to a classic file format, because application developers are using database columns to store object content. Serialization formats can be tricky, when you encounter it in an investigation. It is not always easy to determine which specific format is present. In this article, we will take a closer look at some of the most popular serialization formats. Furthermore, we show, how we can make the serialized content visible again to use it for forensic investigations.