.DB Database File
.db

Database File

A .db file is a database container, most commonly SQLite — a single-file, serverless relational database embedded in every smartphone, browser, and modern OS. Over one trillion SQLite databases are in active use worldwide. This is a reference page only.

Learn more ↓
Data layout
Header schema
Records structured data
MetadataText2000
By FileDex
Not convertible

Database files require the original database engine for meaningful access. SQLite .db files can be queried with the sqlite3 CLI, DB Browser for SQLite, or any SQLite-compatible library. Use the CLI commands in the Technical Reference below to export data to CSV or SQL.

Common questions

What is a DB file?

A .db file is a database container, most commonly a SQLite database. SQLite stores tables, indexes, triggers, and data in a single portable binary file. Over one trillion SQLite databases are in active use across smartphones, browsers, and operating systems worldwide.

How do I open a DB file?

Use DB Browser for SQLite for a free visual interface, or DBeaver for a universal database tool. Both are available on Windows, macOS, and Linux. For non-SQLite .db files, determine the creator application first by checking the magic bytes at the start of the file.

Is every DB file a SQLite database?

No. While most .db files are SQLite, the extension is also used by Berkeley DB, Windows Thumbs.db thumbnail caches, and other database engines. Check the first bytes: SQLite databases always start with the ASCII text "SQLite format 3" at byte zero.

Can I recover data from a corrupted DB file?

For SQLite files, the PRAGMA integrity_check command identifies structural damage by walking the entire B-tree and verifying page checksums. The .recover command exports all recoverable rows as SQL statements that can rebuild the database. For severe corruption where the B-tree is destroyed, third-party tools scan raw pages for valid cell patterns.

Why does my Windows folder contain a Thumbs.db file?

Windows creates Thumbs.db to cache folder thumbnail images for faster display in Explorer. It uses OLE compound document format — the same binary structure as legacy .doc files — not a standard SQLite database. Deleting Thumbs.db files is safe and frees disk space, but Windows regenerates them when you browse that folder again.

What is the maximum size of a SQLite database?

The theoretical maximum is approximately 281 terabytes: over four billion pages at 65,536 bytes per page. In practice, SQLite databases in the tens of gigabytes perform well for read-heavy workloads. Performance depends on page size selection, indexing strategy, journal mode (WAL recommended for concurrent reads), and whether the working set fits in the OS page cache.

Does FileDex convert DB files?

No. Database files require the original database engine for meaningful access. For SQLite databases, use DB Browser for SQLite to export tables to CSV or dump the entire schema and data as SQL text. See the CLI commands in the Technical Reference section below.

What makes .DB special

Born on a warship
SQLite was created for US Navy destroyers
D. Richard Hipp designed SQLite in 2000 for a damage-control system on guided-missile destroyers. The existing Informix server crashed and took the whole application down. Hipp built a database that needed no server at all.
One trillion databases
More active SQLite databases than people on Earth
SQLite estimates over one trillion (1e12) databases in active use. Every smartphone holds hundreds of .db files — Chrome alone creates separate databases for history, cookies, favicons, and autofill.
Public domain forever
SQLite has no copyright — it belongs to everyone
SQLite is not merely open source — it is public domain. Contributors sign an affidavit dedicating their work with no restrictions. The Library of Congress recommends the format for long-term dataset preservation.
Three formats, one extension
.db can be SQLite, Berkeley DB, or Thumbs.db
The .db extension has no single owner. A SQLite database starts with "SQLite format 3". A Thumbs.db starts with the OLE header D0 CF 11 E0. Berkeley DB has its own signature. The extension alone tells you nothing.

What is a DB file?

DB is a generic file extension used by multiple database engines to store structured data. In practice, the overwhelming majority of .db files encountered today are SQLite databases. D. Richard Hipp created SQLite in the spring of 2000 while working on a US Navy contract at General Dynamics. The original problem was a damage-control system aboard guided-missile destroyers that ran on HP-UX with Informix as the database backend. When the Informix server went down, the application failed entirely. Hipp's solution was a database engine that required no server, no configuration, and no administrator — one that stored everything in a single ordinary file.

Continue reading — full technical deep dive

SQLite version 1.0 shipped on August 17, 2000. It used gdbm as the storage backend. Version 2.0 followed in September 2001, replacing gdbm with a custom B-tree implementation and adding transaction support. Version 3.0 arrived in June 2004 with funding from America Online, introducing manifest typing, internationalization, and the 100-byte file header structure that defines every SQLite .db file written since.

The trillion-database engine

SQLite is the most deployed database engine in the world, and it is not close. The project estimates over one trillion active SQLite databases across all devices. Every Android phone, every iPhone, every Mac, every Windows 10 and later machine, every Firefox, Chrome, and Safari browser, every Skype client, every iTunes installation, and every Dropbox client embeds SQLite. The SQLite developers describe it as "probably the second most widely deployed software library, after libz."

A single app on a single phone may contain dozens of .db files. Chrome stores browsing history, cookies, favicons, and autofill data in separate SQLite databases. WhatsApp stores message history in msgstore.db. Signal stores its encrypted message database as signal.db. When a forensic examiner acquires a mobile device, the first step is usually cataloguing and opening the .db files — they contain the user's digital life.

SQLite file structure

Every SQLite database begins with a 100-byte header. The first 16 bytes are the ASCII string "SQLite format 3" followed by a null byte (hex: 53 51 4C 69 74 65 20 66 6F 72 6D 61 74 20 33 00). This magic string makes identification unambiguous — no other database engine uses it.

Bytes 16-17 store the page size as a big-endian 16-bit integer. Valid values are powers of two from 512 to 32768, with the special value 1 representing 65536. The default since SQLite 3.12.0 (2016) is 4096 bytes. The entire database is divided into fixed-size pages, and every read or write operates on whole pages.

Byte 18 is the file format write version: 1 for the legacy rollback journal, 2 for WAL (Write-Ahead Logging). Byte 19 is the read version with the same encoding. WAL mode, introduced in SQLite 3.7.0 (2010), allows concurrent readers while a single writer appends changes to a separate -wal file. A checkpoint operation merges the WAL back into the main database.

Bytes 56-59 store the text encoding: 1 for UTF-8, 2 for UTF-16LE, 3 for UTF-16BE. Once set during database creation, the encoding cannot change. Bytes 96-99 record the SQLite library version number that last modified the database, encoded as a single integer (for example, 3041002 for version 3.41.2).

B-tree storage

SQLite organizes data using B-tree structures. Table data lives in table B-trees keyed by the 64-bit integer rowid. Index data lives in index B-trees keyed by the indexed column values. Each B-tree node occupies one database page. Interior pages contain pointers to child pages and separator keys. Leaf pages contain the actual cell payloads — the serialized column values for each row.

Page 1 is special: it contains both the 100-byte database header and the root of the sqlite_master table, which is the schema. Every CREATE TABLE, CREATE INDEX, CREATE VIEW, and CREATE TRIGGER statement is stored as a row in sqlite_master with the original SQL text. This design means the schema is always inside the database file itself — there is no external catalog.

When a cell's payload exceeds the page's usable space, SQLite writes the overflow to one or more overflow pages linked in a chain. This mechanism allows individual values up to approximately 2 gigabytes, though in practice values exceeding a few megabytes are uncommon.

The extension ambiguity problem

The .db extension has no single owner. While SQLite dominates, the same three letters appear on files from entirely unrelated systems.

Berkeley DB was created at UC Berkeley by Margo Seltzer and Keith Bostic, first released in 1991 as part of 4.4BSD. It is an embedded key-value store — not a relational database — designed for fast lookups in system utilities and mail servers. Sleepycat Software commercialized it in 1996 after Netscape requested improvements for their LDAP server. Oracle acquired Sleepycat in February 2006 and changed the license to AGPL v3 in 2013, which sharply reduced adoption in open-source projects. Berkeley DB .db files have their own binary format that is completely unrelated to SQLite.

Windows Thumbs.db is an OLE Compound Document that caches folder thumbnail images as small JPEG files resized to 96x96 pixels. It appeared with Internet Explorer 4's Active Desktop Update for Windows 95-98 and persisted through Windows XP. Starting with Windows Vista, Microsoft moved thumbnail caching to a centralized location (thumbcache_xxx.db in the user's AppData folder), but Thumbs.db files still appear on network shares with write permissions. They are forensically significant: the FBI used Thumbs.db evidence in a 2008 case because the cache reveals which images were previously viewed in a folder, even after the originals are deleted.

Application databases from mobile apps, games, and desktop software also use .db. In most of these cases, the underlying format is actually SQLite — the application simply chose .db as the extension rather than .sqlite or .sqlite3.

How to identify an unknown .db file

The first bytes reveal the origin. Open the file in a hex editor or use the file command on macOS/Linux:

  • Bytes starting with 53 51 4C 69 74 65 ("SQLite") at offset 0 indicate a SQLite database
  • Bytes starting with D0 CF 11 E0 at offset 0 indicate an OLE Compound Document (Thumbs.db or similar)
  • Other signatures indicate Berkeley DB or application-specific formats

Context helps too. A .db file on an Android or iOS device is almost certainly SQLite. A Thumbs.db in a Windows folder is a thumbnail cache. A .db file in a Unix /var directory may be Berkeley DB from a legacy system service.

Corruption and recovery

SQLite databases can become corrupted through several mechanisms: interrupted writes during transactions, deletion of the WAL or journal file while the database is open, copying the file while a write is in progress (hot copy), disk-full conditions during write operations, and hosting on NFS or network drives where POSIX advisory locking fails silently.

The PRAGMA integrity_check command walks every B-tree page and verifies structural consistency, checksums, and index alignment. It returns "ok" if no corruption is found. For damaged databases, the .recover command (added in SQLite 3.29.0) exports all recoverable data as SQL statements that can rebuild the database from scratch. Third-party tools like undark can extract data from heavily corrupted files by scanning for valid cell patterns outside the normal B-tree structure.

Prevention is more effective than recovery. Using WAL mode reduces corruption risk because the main database file is never modified during a transaction — only the WAL receives writes. The SQLite backup API provides a safe way to copy a live database without the risks of a file-system-level copy.

ACID compliance and concurrency

SQLite provides full ACID compliance — Atomicity, Consistency, Isolation, and Durability — through its journal mechanism. In rollback journal mode, the original page contents are written to a separate -journal file before modification. If a crash occurs mid-transaction, the journal replays on next open to restore the original state. In WAL mode, new pages are appended to a -wal file, and readers continue seeing the pre-transaction state until the writer commits.

The single-writer limitation is SQLite's most significant architectural constraint. Only one connection can write at a time; other writers must wait. This makes SQLite unsuitable for high-concurrency server workloads but perfectly adequate for local application storage, where write contention is rare. Read concurrency in WAL mode is excellent — any number of readers can proceed simultaneously without blocking the writer or each other.

Public domain and long-term commitment

SQLite's source code is in the public domain — not merely open source, but explicitly dedicated with no copyright restrictions whatsoever. Contributors must sign an affidavit placing their work in the public domain. This means any person or organization can use, modify, and distribute SQLite for any purpose without attribution or license compliance.

The Library of Congress recognizes SQLite as one of four recommended formats for long-term storage of datasets. The SQLite developers have stated their intention to maintain the software and the file format through the year 2050. Given that the format has remained backward-compatible since version 3.0 in 2004 — a database created twenty years ago opens in today's SQLite without modification — this commitment has a strong track record behind it.

.DB compared to alternatives

.DB (SQLITE) vs .MDB
Server requirement
SQLite is serverless — the engine runs as a library linked into the application. MDB (Microsoft Access) requires the Access Database Engine or full Access installation on Windows. SQLite runs on every platform.
 DB (SQLITE) wins
.DB (SQLITE) vs .MDB
Cross-platform support
SQLite runs on Windows, macOS, Linux, iOS, Android, and every embedded platform. MDB is Windows-only and requires Microsoft-specific drivers even for read access.
 DB (SQLITE) wins
.DB (SQLITE) vs .CSV
Query capability
SQLite supports full SQL: JOINs, subqueries, aggregation, indexes, and transactions. CSV is flat text with no query engine — it must be loaded entirely into memory and processed by application code.
 DB (SQLITE) wins
.DB (SQLITE) vs .CSV
Human readability
CSV is plain text, readable in any text editor or spreadsheet. SQLite .db files are binary and require a SQLite-aware tool to inspect. For simple tabular data exchange, CSV is more accessible.
 CSV wins
.DB (SQLITE) vs .SQL DUMP
Portability across database engines
A SQL dump (.sql) contains standard SQL statements that most database engines can import with minor syntax adjustments. A .db file is locked to SQLite — PostgreSQL and MySQL cannot read it directly.
 SQL DUMP wins
.DB (SQLITE) vs .SQL DUMP
Query performance
A SQLite .db file is a live database with indexes, B-trees, and optimized page layout. A SQL dump must be re-imported and re-indexed before queries run efficiently. The .db file is ready to query instantly.
 DB (SQLITE) wins

Technical reference

MIME Type
application/octet-stream
Developer
Various
Year Introduced
1970
Open Standard
No

Binary Structure

SQLite .db files begin with a 100-byte header containing the magic string "SQLite format 3\000" (16 bytes), the page size (2 bytes, big-endian), file format versions, page counts, schema cookie, text encoding, and the SQLite version number that last wrote the file. The database is divided into fixed-size pages (default 4096 bytes). Page 1 holds the header plus the root of the sqlite_master table (the schema). Interior and leaf pages form B-tree structures for tables (rowid B-trees) and indexes (index B-trees). Overflow pages store values exceeding the usable page space. An optional WAL file holds uncommitted page changes for crash recovery and concurrent read access.

OffsetLengthFieldExampleDescription
0x00 16 bytes Magic string 53 51 4C 69 74 65 20 66 6F 72 6D 61 74 20 33 00 ASCII "SQLite format 3" followed by null byte. Identifies file as SQLite database.
0x10 2 bytes Page size 10 00 Database page size in bytes (big-endian). 4096 default. Must be power of 2 between 512 and 65536 (value 1 means 65536).
0x12 1 byte File format write version 01 1 = legacy rollback journal mode, 2 = WAL (Write-Ahead Logging) mode.
0x13 1 byte File format read version 01 1 = legacy, 2 = WAL. Readers must support this version to open the file.
0x18 4 bytes File change counter 00 00 00 02 Incremented on each transaction commit. Used to detect changes and invalidate caches.
0x1C 4 bytes Database size in pages 00 00 00 02 Total number of pages in the database file (big-endian uint32).
0x38 4 bytes Text encoding 00 00 00 01 1 = UTF-8, 2 = UTF-16LE, 3 = UTF-16BE. Set once at creation, cannot be changed.
0x60 4 bytes SQLITE_VERSION_NUMBER 00 2E 8A 14 Library version encoded as integer (e.g., 3050004 = SQLite 3.50.4). Identifies which SQLite build last modified the file.
1991Berkeley DB released at UC Berkeley by Margo Seltzer and Keith Bostic as an embedded key-value store using the .db extension2000D. Richard Hipp creates SQLite for a US Navy damage-control system on guided-missile destroyers; version 1.0 released August 172004SQLite 3.0 introduces the current file format with manifest typing, UTF-8/UTF-16 support, and the 100-byte header structure still used today2006Oracle acquires Sleepycat Software (Berkeley DB maintainer) in February; SQLite becomes the default local database on Android and iOS2010SQLite 3.7.0 adds Write-Ahead Logging (WAL mode), enabling concurrent read access alongside a single writer2014Library of Congress designates SQLite as one of four recommended formats for long-term storage of datasets2021SQLite 3.36 adds STRICT tables for optional column type enforcement, addressing a long-standing request from strict-typing advocates
List all tables in a SQLite database other 
sqlite3 database.db '.tables'

Opens a SQLite .db file and prints all table names. The sqlite3 CLI is pre-installed on macOS and most Linux distributions. On Windows, download from sqlite.org/download.html.

Export a table to CSV with column headers other 
sqlite3 -header -csv database.db 'SELECT * FROM users;' > users.csv

Queries a table and writes the results as CSV with column names in the first row. Useful for importing data into spreadsheets or other database systems.

Dump entire database to a SQL text file other 
sqlite3 database.db .dump > backup.sql

Exports the complete schema (CREATE TABLE statements) and all data (INSERT statements) as portable SQL text. The output can recreate the database on any SQL-compatible system.

Check database integrity other 
sqlite3 database.db 'PRAGMA integrity_check;'

Walks every B-tree page and verifies structural consistency, checksums, and index alignment. Returns "ok" if no corruption is found, or a description of each problem detected.

Identify a .db file type by magic bytes other 
file database.db

The file command reads magic bytes and reports the file type. For SQLite files it prints "SQLite 3.x database". For Thumbs.db it reports "Composite Document File" (OLE). Works on macOS and Linux.

MEDIUM

Attack Vectors

  • SQL injection when applications build queries by concatenating user input directly into SQL strings without parameterized statements
  • Sensitive data stored unencrypted — anyone with file system access can read messages, contacts, call logs, and browsing history from mobile .db files
  • Deleted rows persist in freelist pages until VACUUM, allowing forensic recovery of supposedly removed data
  • WAL and journal files may contain recent writes even after the main database is wiped
  • Thumbs.db files on shared network drives reveal which images were viewed in a folder, even after the images are deleted

Mitigation: FileDex does not open, execute, or parse database files. This is a reference page only.

Free open-source GUI for creating, editing, and querying SQLite databases
DBeaver tool
Free universal database tool supporting SQLite, PostgreSQL, MySQL, and dozens of other engines
Official SQLite command-line shell for querying and managing .db files, pre-installed on macOS and most Linux distributions
better-sqlite3 library
Synchronous SQLite binding for Node.js, the fastest option for server-side JavaScript
Python sqlite3 library
Standard library module for SQLite access in Python, available without any installation
Datasette tool
Publishes SQLite databases as interactive web applications with JSON API, search, and faceted browsing