Our tools provide several methods for sensitive data keys recovery and data decryption, but the first step is to estimate a number and types of encrypted records in a company file. QuickBooks Forensics search engine can be used for this purpose. Strings encrypted by QuickBooks are prepended with "AQAj777K" mark and are very easy to locate.
Tables abmc_admin_master_key, abmc_key_permissions and abmc_master_key are used for internal sensitive data keys storage only in all company files, but there is no user data in these tables. It is important to note that only specific columns (cells) are encrypted and search results column 'Rows" shows you "X from Y" that can be used to estimate the number of encrypted data cells with user data. In addition to the internal tables mentioned above the following user data tables can be listed as well:
- cf_pref_attribute_value table record is usually encrypted company EMPID.
- abmc_account_user - bank account and routing number columns are encrypted.
- abmc_customer_credit_card_info - saved credit card numbers.
- abmc_vendor_user - vendor tax id column is encrypted.
- es_employee - employee tax id (SSN) column is encrypted.
- mv_search_data - records copied from tables above during data search in QuickBooks.