- QuickBooks Forensics by Thegrideon Software is a unique tool for accessing, analyzing, reviewing, exporting and recovering QuickBooks company files, as well as for password replacement and recovery.
- QuickBooks Forensics is designed to provide full direct access to all data saved in the QuickBooks database. It works with files directly without any external libraries or database engines!
- QB Forensics is also a Transaction Log (.TLG files) viewer.
- It works with most versions including the latest QB 2017 (US, CA, ...).
QuickBooks Forensics Features:
- Direct read-only access to QuickBooks company files:
  - lists all database tables;
  - table viewer is available for preliminary analysis;
  - protected records are decrypted automatically.
- tables can be exported as XML with XSD schema (incl. bulk export);
- shows table schemas (column names, types, sizes, etc.);
- internal Hex viewer is available for attached binary or large text blocks;
- precise timestamps are available for data analysis;
- reports can be saved as XML or CSV;
- per-user preferences and system settings are pre-loaded for review;
- SQL code viewer with syntax highlighting for procedures, views, events and triggers;
- Automatic 'SET HIDDEN' obfuscation decoding;
- Transaction Log (.TLG files) viewer.
- SQL Anywhere database UID & PWD Calculator.
- QBW company files can be extracted from QBB backups.
- External APPs records are loaded from '.qbw', '.lgb' and '.sdu' files.
- SQL scripts can be extracted from '.qbx' and '.qbm' archives.
- Lists active and disabled accounts.
- Lists file update history and last active users.
- Administrator password can be replaced instantly regardless of length or complexity.
- Several attacks can be configured and queued for user password recovery:
  - brute-force attacks based on charset and length selected;
  - dictionary (wordlist) attacks with modifications;
  - mixed attacks for precise search range configuration;
  - multi-position modifications to cover QuickBooks password complexity policy;
  - advanced keyboard layouts-aware recovery technique;
  - highly optimized code (SSE, AVX, AVX2) guarantees high performance;
- Most QuickBooks versions are supported including QB 2017.
- Windows 7 - Windows 10.
Data Access, Analysis, Review, Export and Recovery
QuickBooks company files are based on the SQL Anywhere database engine, and any digital analysis is challenging due to the nature of the database engine workflow: there are internal cleanups and optimizations (data pages are moved, cleared or deleted); the file is modified with database startup details and counters even before a user logs in; and a number of SQL functions, events and triggers are involved.
QuickBooks Forensics is designed to provide full direct read-only access to all tables (records) saved in QuickBooks '.qbw' files. It is based on reverse-engineering of the database format and works with files directly without any database engines. Additional technical details are available for data analysis (for example, precise timestamps are present in most tables). Data is not changed in any way and can be accessed or extracted repeatedly, in contrast to standard access methods. It is the first tool to offer low-level data access to QuickBooks company files.
QB Forensics also searches and recovers old records / discarded data pages with old or lost data.
QB database tables can be previewed for preliminary analysis and / or exported as XML files with a proper XSD schema to be used in MS Access, Excel, etc.
User preferences, system settings, access history, Apps details and other parameters are pre-extracted and shown to simplify data review and analysis. Attached binary and text blocks of data can be previewed in the internal Hex viewer or extracted for further analysis.
Company files and transaction logs can be extracted from '.QBB' backups as well.
QuickBooks '.TLG' files are database transaction logs (history of all actions executed by the database engine). The transaction log is a key component of backup and recovery. QuickBooks Forensics sorts log transactions by the tables affected, so each table's history can be tracked step by step.
Below we will publish notes on QuickBooks internals to help you better understand QuickBooks Forensics and the data it can provide:
- QuickBooks Internals | Security | Login
- QuickBooks Internals | Security | Sensitive Data Keys
- QuickBooks Internals | Security | Sensitive Data Bugs
- QuickBooks Internals | Security | Apps and LGB files
- QuickBooks Internals | Security | SQL and a Major Design Flaw
- QuickBooks Internals | DB | SQL Anywhere UID & PWD
- QuickBooks Internals | Security | QuickBooks 2017
In theory, sensitive data records (CC Numbers, SSNs, Tax IDs, SINs, EIN, Bank accounts, etc.) are supposed to be well protected and inaccessible without proper credentials, but in reality QuickBooks Forensics decrypts them automatically without any additional data using a number of security flaws (QB 2016 up to R5 [up to May 2016] or with '.SDU' files in QB 2017 up to R4 [up to Jan 2017], ...). For patched versions you can export sensitive data related keys from any old version of your company file (with recoverable keys, known passwords, ...) and import them into current versions to recover sensitive data encryption keys in full.
Password verification values can be replaced instantly in order to regain access to protected company files. Sensitive data encryption keys are usually easily recoverable or can be imported from old versions, so full data access can be restored.
Password search is an option for protected accounts, and QuickBooks Forensics allows you to queue several attacks: dictionary, sequential based on a selected charset and length, or a mixed combination of dictionaries, brute-force and fixed parts. You can split the password into parts and set each part independently with a precise search range setup. Additional modifications are available, including a unique keyboard layouts-aware recovery technique, char replacement (e.g. I or i with 1), etc. We did our best to enhance this tool's performance as well as the recovery speed with some advanced methods, and it was found to be the fastest tool for QuickBooks password recovery.
What is password recovery speed?
Password recovery speed is variable depending on additional information recoverable from the file, username, etc.
The following table is based on several tests with common laptop, workstation and tablet CPUs:

| Intel® Core™2 Duo T7500 @ 2.20GHz | Z3740 @ 1.33GHz | Intel® Core™ i3 2100 @ 3.10GHz | Intel® Core™ i3 4130 @ 3.40GHz |
|---|---|---|---|
| 1.5 - 13 millions | 2 - 13 millions | 5 - 25 millions | 10 - 35 millions |

The trial version allows you to view data from Tables with odd ID values. Export is enabled for tables "SYS..." or "ISYS..." only. Keys recovery status is available, but password replacement is disabled. You can also set up and test-run any password search for 15 min per set.
QuickBooks Forensics License price is $99 USD.
After payment processing is completed, you will immediately receive the email with your registration key. The key should be entered into the evaluation version, which can be downloaded from this page.