Abstract: WeChat is currently a highly used communication tool that stores a large amount of important data required for forensics. Forensics personnel are most concerned about the data recovery and forensics of WeChat. The recovered WeChat data may become the key evidence of judicial forensics, which directly affects whether the case can be successfully solved. In this paper, we propose an analysis and recovery methods based on SQLite database storage structure. On the basis of in-depth analysis of the storage structure of WeChat database files on the Windows platform, multiple database files were integrated to recover deleted data from WeChat based on the existing idle pages and free blocks in the database. The feasibility and effectiveness of the Windows platform data recovery method was verified through experiments.