In modern investigations, the web browser is no longer just an application – it is a comprehensive journal of a suspect’s life, intentions, and habits. While end-to-end encrypted clouds and locked smartphones often hit a dead end, the desktop web browser remains one of the most significant grounds for digital evidence, often serving as the silent witness that helps solve a case.

Since the introduction of DPAPI in Windows 2000, the forensic workflow for recovering browser credentials was straightforward: isolate the computer, image the drive, and extract the browser profile. In that era, having the user’s Windows password was enough to decrypt everything offline. Today, that assumption is outdated. With the shift to App-Bound Encryption, Google and Microsoft effectively broke the “dead box” workflow for their browsers. While stored passwords remain critical evidence, accessing them now requires investigators to act before they pull the plug.

For decades, the forensic “gold standard” was straightforward: isolate the computer, pull the plug, and image the drive. In that era, what you saw on the screen was physically present on the magnetic platters, waiting to be extracted bit by bit. Today, that assumption is not just outdated; it is plain wrong. The rapid adoption of cloud storage services, partial on-demand synchronization, and full-disk encryption has fundamentally broken the traditional dead-box workflow, turning the simple act of powering down a suspect’s computer into a potential destroyer of evidence.

Modern digital forensic labs are facing a crisis of scale. When a search warrant results in the seizure of a dozen laptops, several servers, and a mountain of external drives, the traditional forensic workflow – bit-for-bit imaging followed by exhaustive analysis – becomes a liability rather than an asset. This is precisely where our new tool, Elcomsoft Quick Triage, enters the picture. Designed as a solution for rapid, in-field data acquisition, EQT allows investigators to bypass the “imaging bottleneck” and identify the “smoking gun” in minutes rather than months.

We’re expanding our product line with a new tool: Elcomsoft Quick Triage. With this release, we are expanding into an area we had not previously covered – digital forensic triage. EQT is designed to address a very specific need that arises at the earliest stages of an investigation, when time is limited and quick decisions matter. The new tool is not intended to replace full-featured forensic platforms or in-depth analysis. Instead, it focuses on a different phase of the workflow: fast identification, collection, and review of the most relevant evidence before committing resources to a complete examination.

Eighteen years ago, before “GPU acceleration” and “AI data center” became household terms, a small hi-tech company changed the rules of cryptography. In 2007, we unveiled a radical idea – using the untapped power of graphics processors to recover passwords, which coincided with the release of video cards capable of performing fixed-point calculations. What began as an experiment would soon redefine performance computing across nearly every field.

Most real-world passwords aren’t random – they follow the owner’s habits, preferences, and personal history. Names, birthdays, pets, team loyalties, and even old usernames affect how people build their “secret” strings. By turning this everyday information into structured, prioritized password candidates, analysts can reach higher success rates than with generic dictionaries or blind brute force. This article explains how to transform user data into a focused attack strategy.

Password managers have become a common part of everyday digital life, helping users handle hundreds of online accounts. They simplify authentication and reduce the need to remember complex credentials, yet the same centralization that makes them convenient also concentrates risk. Modern platforms from Apple, Google and Microsoft all ship with built-in password managers, and many users rely on third-party apps for the same purpose.

Our customers often ask us which exact iOS versions are supported by iOS Forensic Toolkit. There’s always a temptation to answer “all of them,” and while that answer is technically correct, there are a lot of caveats. The devil is in the details, and the real answer depends on what you mean by “support”.

During the recent investigation into the October 2025 Louvre Museum heist, it was revealed that parts of the museum’s video surveillance network were protected by the default password “Louvre.” Further reporting indicated that sections of the system operated on Windows Server 2003 and relied on outdated surveillance management software. These findings point to long-term neglect of basic cybersecurity practices – specifically, the continued use of obsolete systems and weak authentication measures.