What TRIM, DRAT, and DZAT Really Mean for SSD Forensics

June 2nd, 2025 by Oleg Afonin

If you’re doing forensic work today, odds are you’re imaging SSDs, not just spinning hard drives. And SSDs don’t behave like HDDs – especially when it comes to deleted files. One key reason: the TRIM command. TRIM makes SSDs behave differently from magnetic hard drives when it comes to recovering deleted evidence. This article breaks down what TRIM actually does, how SSDs respond, and what forensic experts need to know when handling modern storage.

Video Tutorial on Decryption of Windows EFS-encrypted Data

July 6th, 2015 by Olga Koksharova

Although we’ve already embraced EFS encryption/decryption in some of our white papers and case studies, now we’d like to share a video tutorial because seeing once is better than reading twice. So, in this video you will see how to decrypt EFS-encrypted data with the help of Advanced EFS Data Recovery and how to recover a Windows user account password with Proactive System Password Recovery (because it’s still obligatory for this type of encryption).

Why Do We Need Physical Acquisition?

June 25th, 2015 by Vladimir Katalov

With all the trouble of jailbreaking iOS 8 devices and the lack of support for 64-bit hardware, does iOS physical acquisition still present meaningful benefits to the investigator? Is it still worth your time and effort attempting to acquire that iPhone via a Lightning cord?

Elcomsoft Forensic Disk Decryptor Video Tutorial

June 8th, 2015 by Olga Koksharova

Quite often our new customers ask us for advice about what they should start with in order to use the program effectively. In fact, there are various situations when the tool can come in handy by decrypting data securely protected with TrueCrypt, BitLocker (To-Go), or PGP, and we’d need a super long video to describe all the cases. But we’d love to demonstrate one typical situation: a disk protected with TrueCrypt with the entire system drive encryption option on.

Elcomsoft Phone Viewer: Faster and Easier

May 19th, 2015 by Vladimir Katalov

As you may already know, we have just updated our recently released forensic tool, Elcomsoft Phone Viewer. The update received a major performance boost and numerous usability enhancements.

Elcomsoft Wireless Security Auditor Video Tutorial

April 30th, 2015 by Olga Koksharova

I know most computer gurus and pros never read through program manuals or help files and prefer to learn everything using the proverbial method of trial and error. Does this sound like you? Of course. Exceptions are very rare. So, here’s something nice that will save you time and help your experience with Elcomsoft Wireless Security Auditor (EWSA).

Sanderson SQLite Forensic Toolkit on Mac OS X using CrossOver

March 5th, 2015 by Shafik Punja

 

  • Now that you have at least one application installed within a bottle, you can install the other Sanderson tools you have into the same Sanderson SQL Tools bottle by selecting the bottle you are going to add another application to in the CO interface, right-clicking, and choosing ‘Install Software into “…..”’. This will install another application within the same bottle. I decided to use a bottle for the Sanderson SQL Tools so that all three Sanderson SQLite Forensic Tools are contained within the same bottle. When an update is released to any of these applications, I will use the ‘Install Software into’ option to update the software.

    a. But if you are going to install more than one application into the same bottle, be mindful of CO’s recommendation that each application be in its own bottle in order to avoid any conflict between programs. Please be aware that there is more than one method by which to install applications. Essentially, you can have each in its own bottle or group them into bottles of a common theme (being aware of the recommendation not to do this).
  • Uninstalling/Deleting an application: Select the bottle you are going to remove by right-clicking in the CO interface and choose ‘Delete “name of bottle”’.
  • You can also choose to uninstall an application but keep the bottle by using the Uninstaller for that application if one is present, although, based on my testing, this may leave behind trace folders and files in the drive_c path location.
  • Considerations/Thoughts
