- QuickBooks Forensics by Thegrideon Software is a unique data access, analysis, review, export and recovery as well as password recovery and replacement tool for QuickBooks company files and backups: .QBW, .QBA, .QBB.
- QuickBooks Forensics is designed to provide full direct access to all Tables / Records saved in QuickBooks database. It works with files directly without any external database engines!
- QB Forensics is also a Transaction Log (.TLG files) Viewer.
- It works with most versions including the latest QB 2016 / 2017 (US, CA, UK, ...).
QuickBooks Forensics Features:
- Direct read-only access to QuickBooks company files:
- List all database tables.
- Table viewer is available for preliminary analysis.
- Tables can be exported as XML with XSD schema.
- Multiple Tables can be exported at one time (Bulk Export feature).
- Protected records are decrypted automatically.
- Shows tables schema (columns names, types, sizes, etc.)
- Internal Hex viewer is available for attached binary or large text blocks.
- Binary and large data blocks can be extracted as well.
- Precise timestamps are available for data analysis (for most tables).
- All reports can be saved as XML or CSV.
- Per-user preferences and system settings are pre-loaded for review.
- Transaction Log (.TLG files) viewer.
- SQL Anywhere UID & PWD Calculator.
- QBW company files can be extracted from QBB backups.
- External applications info is loaded from .qbw and .lgb files.
- SQL scripts can be extracted from .qbx and .qbm archives.
- Lists active and disabled accounts.
- Lists file update history and last active users.
- Administrator password can be replaced instantly regardless of length or complexity.
- Several attacks can be configured and queued for user password recovery:
- Dictionary attacks with modifications (wordlists for several languages are included).
- Brute-force attacks based on charset and length selected.
- Mixed attacks for precise search range configuration.
- Multi-position modifications to cover QuickBooks password complexity policy.
- Advanced keyboard layouts-aware recovery technique.
- Highly optimized code (SSE, AVX, AVX2) guarantees maximum performance.
- Most QuickBooks versions are supported including QB 2017.
- Windows 10 Compatible.
Data Access, Analysis, Review, Export and Recovery
QuickBooks Forensics is designed to provide full direct access to all Tables / Records saved in QuickBooks database (.qbw, .qba). It works with files directly without any database engines, so additional technical details are available for data analysis (for example precise timestamps are present in most tables). Data is not changed in any way in contrast to usual DB access methods.
It is the first tool to offer low-level data access to QuickBooks company files.
QB Forensics also searches and recovers old records / discarded data pages with old or lost data.
QB database tables can be previewed for preliminary analysis and / or exported as XML file with proper XSD schema to be used in MS Access, Excel, etc.
User preferences, system settings, access history, Apps details and other parameters are pre-extracted and shows to simplify data review and analysis. Attached binary and text blocks of data can be previewed in internal Hex viewer or extracted for further analysis.
Company files and transaction logs can be extracted from QBB backups as well.
QuickBooks .TLG files are database transaction logs (history of all actions executed by the database engine). The transaction log is a key component of backup and recovery. QuickBooks Forensics sorts log transactions based on tables affected, thus tables history can be tracked step by step.
Below we will publish notes on QuickBooks internals to help you better understand QuickBooks Forensics and data it can provide:
QuickBooks Internals | Security | Login
QuickBooks Internals | Security | Sensitive Data Keys
QuickBooks Internals | Security | Sensitive Data Bugs
QuickBooks Internals | Security | Apps and LGB files
QuickBooks Internals | Security | SQL and a Major Design Flaw
QuickBooks Internals | DB | SQL Anywhere UID & PWD
QuickBooks Internals | Security | QuickBooks 2017
In theory sensitive data records (CC Numbers, SSNs, Tax IDs, SINs, EIN, Bank accounts, etc.) supposed to be well protected and inaccessible without proper credentials, but in reality QuickBooks Forensics decrypts them automatically without any additional data (QB 2016 upto R5, or with .SDU files in QB 2017 upto R4).
In order to regain access to protected company file database password verification values can be replaced instantly. Sensitive data encryption keys are usually easily recoverable, thus access can be restored in full.
Password search is an option for protected accounts and QuickBooks Forensics allows you to set several attacks in queue: dictionary, sequential based on a charset and length selected or as mixed combination of dictionaries, brute-force and fixed parts. You can split password in parts and set each part independently with virtually endless number of combinations. Additional modifications are available including unique keyboard layouts-aware recovery technique, char replacement (e.g. I or i with 1), etc. We did our best to enhance this tool performance as well as the recovery speed with some advanced methods and it found to be the fastest tool for QuickBooks password recovery.
What is password recovery speed?
Password recovery speed is variable depending on additional information recoverable from the file, username, etc.
The following table is based on several tests with the common laptop, workstation and tablet CPUs:
|Intel® Core™2 Duo
T7500 @ 2.20GHz
Z3740 @ 1.33GHz
|Intel® Core™ i3
2100 @ 3.10GHz
|Intel® Core™ i3
4130 @ 3.40GHz
|1.5 - 13 millions||2 - 13 millions||5 - 25 millions||10 - 35 millions|
Trial version allows you to view data from Tables with even IDs. Export is enabled for tables "SYS..." or "ISYS...". Attached data (binary, vartext, etc.) cannot be saved. Password recovery attacks are 15 min limited. Password replacement feature is disabled
QuickBooks Forensics License price is $99 USD.
After payment processing is completed, you will immediately receive the email with your registration key. The key should be entered into the evaluation version, which can be downloaded from this page.