Thunderbird forensic
(Différences entre les versions)
(→global-messages.db.sqlite) |
(→global-messages.db.sqlite) |
||
Ligne 12 : | Ligne 12 : | ||
attachments | attachments | ||
SELECT DISTINCT docid, c1subject, c2attachmentNames FROM messagesText_content WHERE c3author LIKE '%amazon%' AND c2attachmentNames <> ''; | SELECT DISTINCT docid, c1subject, c2attachmentNames FROM messagesText_content WHERE c3author LIKE '%amazon%' AND c2attachmentNames <> ''; | ||
+ | date | ||
+ | SELECT DISTINCT datetime(messages.date/1000000, 'unixepoch', 'localtime'), docid, c1subject, c2attachmentNames | ||
+ | FROM messages, messagesText_content | ||
+ | WHERE c3author LIKE '%amazon%' | ||
+ | AND c2attachmentNames <> '' | ||
+ | AND messages.id=messagesText_content.docid; |
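Review bot: The added `date` query renders timestamps with the `'localtime'` modifier, which applies the time zone of the workstation running SQLite, not that of the mailbox owner. The same evidence can therefore produce different times on different analysis machines. For a timeline, I would emit UTC and label the column, e.g. `datetime(messages.date/1000000, 'unixepoch') AS date_utc`, and record any local-time conversion as a separate, documented step. The comma join also works only as long as the `messages.id=messagesText_content.docid` predicate stays in the `WHERE`; writing it as `FROM messages INNER JOIN messagesText_content ON messagesText_content.docid = messages.id` makes the link explicit. A short comment that `messages.date` is divided by 1000000 because it is treated as microseconds since the Unix epoch would help readers who reuse the query.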
Version du 7 janvier 2021 à 12:48
global-messages.db.sqlite
contacts, identities
-- Contact names paired with their identity values (presumably e-mail
-- addresses; confirm against the data).
-- NOTE(review): every query below links rows where contacts.id equals
-- identities.id, exactly as the page wrote it. Gloda's identities table
-- normally has its own contactId column pointing at contacts.id; check with
-- `.schema identities` before treating a name/value pairing as evidence.
SELECT
    c.name,
    i.value
FROM contacts AS c
INNER JOIN identities AS i
    ON c.id = i.id;

-- Same listing, restricted to contact names containing "bank".
SELECT
    c.name,
    i.value
FROM contacts AS c
INNER JOIN identities AS i
    ON c.id = i.id
WHERE c.name LIKE '%bank%';

-- Same listing for one contact name. LIKE without wildcards is an exact
-- match that ignores ASCII case in SQLite's default configuration.
SELECT
    c.name,
    i.value
FROM contacts AS c
INNER JOIN identities AS i
    ON c.id = i.id
WHERE c.name LIKE 'BEA';
messages, messagesText_content
-- Indexed messages whose author field contains "amazon".
SELECT DISTINCT
    t.docid,
    t.c1subject,
    t.c3author
FROM messagesText_content AS t
WHERE t.c3author LIKE '%amazon%';

-- Indexed messages whose recipients field contains "amazon".
SELECT DISTINCT
    t.docid,
    t.c1subject,
    t.c4recipients
FROM messagesText_content AS t
WHERE t.c4recipients LIKE '%amazon%';
body of the message
-- Subject, attachment names and indexed body text of a single message.
-- 2314 is the docid used on the page; substitute the docid returned by one of
-- the author/recipient searches.
SELECT DISTINCT
    t.docid,
    t.c1subject,
    t.c2attachmentNames,
    t.c0body
FROM messagesText_content AS t
WHERE t.docid = 2314
  AND t.c3author LIKE '%amazon%';
attachments
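-- Messages from an author matching "amazon" that list at least one attachment.
-- The empty-string literal '' had been dropped from the page text, leaving
-- "<> ;", which is a syntax error; it is restored here.
-- Rows where c2attachmentNames is NULL are filtered out as well, because
-- NULL <> '' does not evaluate to true.
SELECT DISTINCT
    t.docid,
    t.c1subject,
    t.c2attachmentNames
FROM messagesText_content AS t
WHERE t.c3author LIKE '%amazon%'
  AND t.c2attachmentNames <> '';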
date
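-- Same attachment search, with each message's date added from the messages
-- table (linked by messages.id = messagesText_content.docid).
-- The empty-string literal '' had been dropped from the page text, leaving
-- "<> AND", which is a syntax error; it is restored here.
-- messages.date is divided by 1000000 before being read as Unix-epoch seconds,
-- i.e. the stored value is treated as microseconds.
-- 'localtime' converts to the time zone of the machine running this query,
-- not the mailbox owner's. Note that zone in the report, or remove the
-- modifier to get UTC.
SELECT DISTINCT
    datetime(m.date / 1000000, 'unixepoch', 'localtime'),
    t.docid,
    t.c1subject,
    t.c2attachmentNames
FROM messages AS m
INNER JOIN messagesText_content AS t
    ON m.id = t.docid
WHERE t.c3author LIKE '%amazon%'
  AND t.c2attachmentNames <> '';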