Perform forensic analysis of SQLite databases to recover deleted records from freelists and WAL files, decode encoded timestamps, and extract evidence from browser history, messaging apps, and mobile device databases.

mukul975/Anthropic-Cybersecurity-Skills|Updated May 25, 2026

Works with

Claude CodeCursorClineWindsurfCodex

Installation Guide

Select your AI agent

How to use performing-sqlite-database-forensics on Cursor

AI-first code editor with Composer

Prerequisites

Before installing skills in Cursor, ensure your development environment meets these requirements:

›Cursor installed and configured on your machine
›Node.js 16+ with npm — verify with node --version
›Active project directory where you want to add performing-sqlite-database-forensics

Run the install command

Execute the skills CLI command in your project's root directory to begin installation:

$npx skills install mukul975/Anthropic-Cybersecurity-Skills/performing-sqlite-database-forensics

Fetches performing-sqlite-database-forensics from mukul975/Anthropic-Cybersecurity-Skills and configures it for Cursor.

Select Cursor when prompted

The CLI shows a list of agents. Use arrow keys and space to select Cursor:

◆ Which agents do you want to install to?

│

│ ── Universal (.agents/skills) ────────────────

│ · Cline · Codex · Goose · Windsurf

│ ●Cursor(selected)

│ · Cursor · Aider · Continue

Verify installation

Confirm successful installation by checking the skill directory location:

.cursor/skills/performing-sqlite-database-forensics

Restart Cursor to activate performing-sqlite-database-forensics. Access via /performing-sqlite-database-forensics in your agent's command palette.

⚠

Security Notice

We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.

Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.

›View source on GitHub ›Skills CLI docs ›About Cursor ›What are agent skills?

Documentation

List & Monetize Your Skill

Submit your Claude Code skill and start earning

Get started →

Use Cases

Exploratory Data Analysis

Quickly understand datasets, identify patterns, and generate insights

Example

Analyze CSV with 100K rows, identify outliers, visualize correlations, suggest hypotheses

✓

Reduce EDA time from hours to minutes, uncover insights faster

Data Cleaning & Transformation

Write scripts to clean messy data, handle missing values, normalize formats

Example

Generate Python/SQL to fix date formats, impute missing values, remove duplicates

✓

Automate 80% of data preprocessing work

Statistical Analysis

Perform hypothesis testing, regression, and statistical modeling

Example

Run A/B test analysis, calculate confidence intervals, interpret p-values

✓

name	performing-sqlite-database-forensics
description	Perform forensic analysis of SQLite databases to recover deleted records from freelists and WAL files, decode encoded timestamps, and extract evidence from browser history, messaging apps, and mobile device databases.
domain	cybersecurity
subdomain	digital-forensics
tags	- sqlite - database-forensics - freelist - wal - write-ahead-log - browser-history - mobile-forensics - deleted-records - b-tree - unallocated-space
version	'1.0'
author	mahipal
license	Apache-2.0
nist_csf	- RS.AN-01 - RS.AN-03 - DE.AE-02 - RS.MA-01

Offset	Size	Description
0	16	Magic string: "SQLite format 3\000"
16	2	Page size (512-65536 bytes)
18	1	File format write version
19	1	File format read version
24	4	File change counter
28	4	Database size in pages
32	4	First freelist trunk page number
36	4	Total freelist pages
52	4	Text encoding (1=UTF-8, 2=UTF-16le, 3=UTF-16be)
96	4	Version-valid-for number

Type	ID	Description
B-tree Interior	0x05	Internal table node
B-tree Leaf	0x0D	Table leaf page containing actual records
Index Interior	0x02	Internal index node
Index Leaf	0x0A	Index leaf page
Freelist Trunk	-	Tracks freed pages
Freelist Leaf	-	Freed page with recoverable data
Overflow	-	Continuation of large records

Application	Database File	Key Tables
Chrome	History	urls, visits, downloads, keyword_search_terms
Firefox	places.sqlite	moz_places, moz_historyvisits
Safari	History.db	history_items, history_visits
WhatsApp	msgstore.db	messages, chat_list
Signal	signal.sqlite	sms, mms
iMessage	sms.db	message, handle, chat
Android SMS	mmssms.db	sms, mms, threads
Skype	main.db	Messages, Conversations

performing-sqlite-database-forensics

Installation Guide

How to use performing-sqlite-database-forensics on Cursor

Prerequisites

Run the install command

Select Cursor when prompted

Verify installation

Security Notice

Documentation

List & Monetize Your Skill

Use Cases

Exploratory Data Analysis

Data Cleaning & Transformation

Statistical Analysis

Install Skill

Performing SQLite Database Forensics

Overview

When to Use

Prerequisites

SQLite Internal Structure

Database Header (First 100 Bytes)

Page Types

Deleted Record Recovery

Method 1: Freelist Page Analysis

Method 2: WAL (Write-Ahead Log) Analysis

Method 3: Unallocated Space Within Pages

Common Forensic Databases

Timestamp Decoding

References

Example Output

Data Visualization

Implementation Guide

Best Practices

When to Use This

Learning Path

Related Skills

performing-cryptographic-audit-of-application

exploiting-deeplink-vulnerabilities

implementing-soar-playbook-with-palo-alto-xsoar

analyzing-network-traffic-with-wireshark

scanning-docker-images-with-trivy

generating-threat-intelligence-reports

Reviews

Discussion