FQLite is a tool to find and restore deleted records in SQLite databases. It therefore examines the database for entries marked as deleted. Those entries can be recovered and displayed. It is written in the Java programming language. The program can operate with a simple graphical user interface (GUI mode). The program is able to search a SQLite database file for regular as well as deleted records.
FQLite allows you to:
- browse and recover the content of freelist pages
- recover records in all database pages including unallocated space and free blocks!
- support of UTF-8,UTF-16BE,UTF-16LE encoded databases
- support for multi-byte columns as well as overflow pages
- recover dropped tables
- create CSV/TSV-format data export
- support for Rollback-Journals and WAL-Archives
- integrated Hex-Viewer
- support a forensically sound investigation of database files
- support for decoding of bplist, protobuffer and BASE64 encoded cell values
- automatic detection of different BLOB types like .png, .bmp, .gif, .jpeg, .tiff, .heic, .pdf
- analyzing BLOB formats like google protobuffer, AVRO, Apple plist, Thrift,...
- integrated SQL-Analyzer
- Displaying database PRAGMA values
Some features:
- written with Java standard class library
- JavaFX-based graphical user interface
- open-source
- free of charge
- runs out of the box
Check out the the official project homepage
https://www.staff.hs-mittweida.de/~pawlaszc/fqlite/
You can find the current version of the user manual under the following link:
https://github.com/pawlaszczyk/fqlite/blob/master/resources/FQLite_UserGuide.pdf
An overview article highlighting the technical background of FQLite can be retrieved from
https://conceptechint.net/index.php/CFATI/article/view/17/6
D. Pawlaszczyk, C. Hummert: (2021). Making the Invisible Visible – Techniques for Recovering Deleted SQLite Data Records. International Journal of Cyber Forensics and Advanced Threat Investigations,
In the latest version, the FQLite is bundled with a Java Runtime Environment (JRE) and all required libraries.
Important note: With version 2.0 the support for the command line mode was cancelled.
- Download the latest version of FQLite in .dmg format from the Release page.
- Open the .dmg file and drag the application into the "Applications" folder.
- You can now launch FQLite from the Applications folder.
If you try to open an app by an unknown developer and you see a warning dialog on your Mac. A dialog is displayed saying that the app is damaged. In fact, the app is simply not signed with a developer certificate. For this reason, Gatekeeper refuses to execute. The first method will allow a single program to run, without having to disable Gatekeeper. Open a terminal and run the following command:
sudo xattr -dr com.apple.quarantine /Applications/fqlite.app
The app should then start without any further complaints.
- Open the Terminal.
- Install FQLite with the following command:
brew install --cask bocian67/fqlite/fqlite
- After installation, FQLite can be launched directly from the Applications folder.
- Download the latest version of FQLite in .exe format from the Release page.
- Run the .exe file and follow the installation instructions.
- After installation, FQLite can be opened from the Start menu.
- Download the .nupkg file for FQLite from the Release page.
- Open Command Prompt or PowerShell with administrator privileges.
- Install FQLite using the following command:
choco install fqlite --source ./fqlite.nupkg
- After installation, FQLite can be opened from the Start menu.
- Download the latest version of FQLite in .deb format from the Release page.
- Open a terminal and navigate to the directory where the .deb file is saved.
- Install FQLite with the following command:
sudo apt install ./fqlite.deb
- After installation, FQLite can be launched from the application menu.