Convert a forensic snapshot
Use the SDR Exporter tool to convert forensic snapshots so you can run queries on them.
The SDR Exporter tool converts forensic snapshots taken on a device into a format that you can run advanced queries against. The output can be either an SQLite database or a JSON-formatted file.
There are 64-bit and 32-bit versions of the tool available. Download the appropriate version:
To convert a snapshot:
- Specify the path and filename of the snapshot to convert, the path and filename of the output file, and the output format. You must use at least these options. The command depends on which version of the tool you are using.
  - 64-bit:
    SDRExporterx64.exe -i <path to snapshot tgz> -o <path to output file> -f <format to output sqlite or json>
  - 32-bit:
    SDRExporterx86.exe -i <path to snapshot tgz> -o <path to output file> -f <format to output sqlite or json>
Options:
- -h [ --help ] Print help message
- -i [ --input-path ] arg Path to input snapshot container file
- -o [ --output-path ] arg Path to output file
- -f [ --output-format ] arg (=sqlite) Output format (choices: sqlite or json)
- -v [ --output-version ] arg Output version - default is latest
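The following PowerShell script is an added example, not part of the original documentation. It converts every snapshot in a folder with the documented `-i`, `-o` and `-f` options and records a SHA-256 hash of each source file so the converted output can be traced back to the exact evidence. The folder paths, the tool location, the output file extensions and the reliance on a non-zero exit code to signal failure are assumptions.

```powershell
# Added example: batch-convert snapshots with SDR Exporter and log input hashes.
# All paths below are hypothetical; adjust them to your environment.
param(
    [string]$SnapshotDir = 'C:\Forensics\Snapshots',
    [string]$OutputDir   = 'C:\Forensics\Converted',
    [string]$ToolDir     = 'C:\Tools\SDRExporter',
    [ValidateSet('sqlite', 'json')]
    [string]$Format      = 'sqlite'
)

# Assumption: the 64-bit build is the appropriate one on a 64-bit OS.
$exeName = if ([Environment]::Is64BitOperatingSystem) { 'SDRExporterx64.exe' } else { 'SDRExporterx86.exe' }
$exe = Join-Path $ToolDir $exeName
if (-not (Test-Path -LiteralPath $exe)) { throw "SDR Exporter not found at $exe" }

New-Item -ItemType Directory -Path $OutputDir -Force | Out-Null
# Assumption: these extensions are a local naming choice, not a tool requirement.
$extension = if ($Format -eq 'sqlite') { '.sqlite' } else { '.json' }

$results = foreach ($snapshot in Get-ChildItem -LiteralPath $SnapshotDir -Filter '*.tgz' -File) {
    $outFile = Join-Path $OutputDir ($snapshot.BaseName + $extension)

    # Hash the source before touching it so the log ties output to evidence.
    $hash = (Get-FileHash -LiteralPath $snapshot.FullName -Algorithm SHA256).Hash

    if (Test-Path -LiteralPath $outFile) {
        # Never overwrite an earlier conversion silently.
        $status = 'skipped (output exists)'
    } else {
        # Out-Host keeps the tool's console output out of $results.
        & $exe -i $snapshot.FullName -o $outFile -f $Format | Out-Host
        # Assumption: exit code 0 means success; also require a non-empty output file.
        $ok = ($LASTEXITCODE -eq 0) -and (Test-Path -LiteralPath $outFile) -and
              ((Get-Item -LiteralPath $outFile).Length -gt 0)
        $status = if ($ok) { 'converted' } else { "failed (exit code $LASTEXITCODE)" }
    }

    [pscustomobject]@{
        Snapshot = $snapshot.Name
        SHA256   = $hash
        Output   = $outFile
        Status   = $status
    }
}

$results | Export-Csv -Path (Join-Path $OutputDir 'conversion-log.csv') -NoTypeInformation
$results | Format-Table -AutoSize
```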