Analyzing the Windows SRUM Database

August 15th, 2025 by Oleg Afonin

When it comes to Windows forensics, some of the most valuable evidence can be stored deep inside system directories the average user never touches. One such source of evidence is the System Resource Usage Monitor (SRUM) database. Introduced in Windows 8 and still shipping today with the latest Windows 11 updates, SRUM collects detailed historical records about application usage and network activity. This database is a perfect source of data for reconstructing the user’s activities during an investigation. In this article, we’ll review the available types of data and demonstrate a way to access the SRUM database by using a bootable tool.

Extracting WhatsApp Conversations from Android Smartphones

February 2nd, 2017 by Oleg Afonin

As you may already know, we’ve added Android support to our WhatsApp acquisition tool, Elcomsoft Explorer for WhatsApp. While the updated tool can now extract WhatsApp communication histories directly from Android smartphones with or without root access, how do you actually use it, and how does it work? In this blog post we’ll look into the technical details and learn how to use the tool.

iOS 10 Physical Acquisition with Yalu Jailbreak

January 30th, 2017 by Vladimir Katalov

Note: we recommend disabling Wi-Fi and cellular connectivity on the device you are acquiring. In addition, disable Wi-Fi on all other iOS devices connected to the same network as your computer.

How Can I Break Into a Locked iOS 10 iPhone?

January 26th, 2017 by Oleg Afonin

Each iteration of iOS is getting more secure. With no jailbreak available for the current version of iOS, what acquisition methods are available for the iPhone 7, 7 Plus and other devices updating to iOS 10? How does the recent update of Elcomsoft iOS Forensic Toolkit help extract data from a locked iOS 10 iPhone? Read along to find out!

Who and Why Spies on Android Users, And What They Do With the Data

January 25th, 2017 by Oleg Afonin

If you’ve been following the news, you may already know about the many cases where companies, big and small, were caught spying on their users. It might appear that just about everyone making a phone or an app is after your personal information. In this article we’ll try to figure out who collects your personal data, why they do it and what they do with the data they collect.

Inside ElcomSoft Lab. Part 1

January 20th, 2017 by Oleg Afonin

Staying on the bleeding edge of today’s technologies requires constant work. ElcomSoft lab is one of the busiest places in the company. Last year, we had dozens of devices passing through our lab. This publication opens a series of articles in which we’ll share insider information on what we do, what we are about to do, and how we do it. So let’s shed some light on what’s going on inside ElcomSoft lab.

Fingerprint Readers in pre-Android 6 Smartphones: A Call for Disaster

January 19th, 2017 by Oleg Afonin

Back in 2013, Apple added a fingerprint reader to its then-new iPhone 5s. Around that time, OEMs manufacturing Android devices also started equipping their devices with fingerprint sensors. It turned out that Apple and Android OEMs came to very different results. In this article, we’ll have a look at fingerprint reader implementations in pre-Marshmallow Android devices and see why they were a terrible idea.

Government Request Reports: Google, Apple and Microsoft

January 16th, 2017 by Oleg Afonin

Every once in a while, hi-tech companies release reports on government requests that they received and served (or not). Different companies receive different numbers of requests. They don’t treat them the same way, and they don’t report them the same way, which makes comparison difficult. In this article, we’ll try to analyze and compare government request reports published by Apple, Google and Microsoft.

FBI Can Unlock Most Devices They Need To

December 29th, 2016 by Vladimir Katalov

According to Jim Baker, FBI General Counsel, the bureau can access information on most smartphones they are dealing with, even if encryption is enabled. In this article, we tried to find out which devices they can and cannot unlock, and why.

Extracting Calls, Contacts, Calendars and Web Browsing Activities from iOS Devices in Real Time

December 21st, 2016 by Vladimir Katalov

Cloud acquisition has been available for several years. iPhones and iPads running recent versions of iOS can store snapshots of their data in the cloud. Cloud backups are created automatically on a daily basis provided that the device is charging while connected to a known Wi-Fi network. While iCloud backups are great for investigations, there is one thing that might be missing, and that’s up-to-date information about user activities that occurred after the moment the backup was created. In this article, we’ll discuss an alternative cloud acquisition option available for iOS devices and compare it to the more traditional acquisition of iCloud backups.

The Ugly Side of Two-Factor Authentication

December 20th, 2016 by Oleg Afonin

Two-factor authentication is great when it comes to securing access to someone’s account. It’s not so great when it gets in the way of accessing your account. However, in emergency situations things can turn completely ugly. In this article we’ll discuss steps you can take to minimize the negative consequences of using two-factor authentication if you lose access to your trusted device and your trusted phone number. In order to keep the size of this text reasonable, we’ll only talk about Apple’s implementation, namely Two-Step Verification and Two-Factor Authentication. You can read more about those in our previous blog post.
