Analyzing the Windows SRUM Database

August 15th, 2025 by Oleg Afonin

When it comes to Windows forensics, some of the most valuable evidence can be stored deep inside system directories the average user never touches. One such source of evidence is the System Resource Usage Monitor (SRUM) database. Introduced in Windows 8 and still shipping today with the latest Windows 11 updates, SRUM collects detailed historical records about application usage and network activity. This database is a perfect source of data for reconstructing the user’s activities during an investigation. In this article, we’ll review the available types of data and demonstrate a way to access the SRUM database by using a bootable tool.


Elcomsoft Forensic Disk Decryptor Video Tutorial

June 8th, 2015 by Olga Koksharova

Quite often our new customers ask us for advice about what they should start with in order to use the program effectively. In fact, there are various situations when the tool can come in handy by decrypting data securely protected with TrueCrypt, BitLocker (To-Go), or PGP, and we’d need a super long video to describe all the cases. But we’d love to demonstrate one typical situation, when a disk is protected with TrueCrypt and the entire system drive encryption option is on.


Elcomsoft Phone Viewer: Faster and Easier

May 19th, 2015 by Vladimir Katalov

As you may already know, we have just updated our recently released forensic tool, Elcomsoft Phone Viewer. The update brings a major performance boost and numerous usability enhancements.


Elcomsoft Wireless Security Auditor Video Tutorial

April 30th, 2015 by Olga Koksharova

I know most computer gurus and pros never read through program manuals or help files and prefer to learn everything using the proverbial method of trial and error. Does this sound like you? Of course. Exceptions are very rare. So, here’s something nice that will save your time and help your experience with Elcomsoft Wireless Security Auditor (EWSA).


Sanderson SQLite Forensic Toolkit on a Mac OS X using CrossOver

March 5th, 2015 by Shafik Punja

 

  • Now that you have at least one application installed within a bottle, you can install the other Sanderson tools you have into the same Sanderson SQL Tools bottle: select the bottle you are going to add another application to in the CO interface, right-click it, and choose ‘Install Software into “…..”’. This will install another application within the same bottle. I decided to use a bottle for the Sanderson SQL Tools so that all three Sanderson SQLite Forensic Tools are contained within the same bottle. When an update is released for any of these applications, I will use the ‘Install Software into’ option to update the software.

    a. But if you are going to install more than one application into the same bottle, be mindful of the recommendation by CO that each application be in its own bottle in order to avoid any conflict between programs. Please be aware that there is more than one method by which to install applications. Essentially, you can have each in its own bottle or group them into bottles of a common theme (being aware of the recommendation not to do this).
  • Uninstalling/Deleting an application: Select the bottle you are going to remove by right-clicking it in the CO interface and choose ‘Delete “name of bottle”’.
  • You can also choose to uninstall an application but keep the bottle by using the Uninstaller for that application if one is present, although, based on my testing, this may leave behind trace folders and files in the drive_c path location.
  • Considerations/Thoughts


Elcomsoft Distributed Password Recovery Video Tutorial

February 26th, 2015 by Olga Koksharova

Anyone considering purchasing Elcomsoft Distributed Password Recovery has a wonderful opportunity to explore the program together with Sethioz and get a clearer understanding of how the program works and what requires your special attention when you are using EDPR. This video assumes you are already familiar with the basics of password cracking and offers more information to help you work with the tool conveniently.


Cracking Wi-Fi Passwords with Sethioz

February 18th, 2015 by Olga Koksharova

If you care about password cracking, hardware acceleration or Wi-Fi protection, this interview with our friend Sethioz is certainly for you. Currently a freelance security tester, Sethioz kindly shared his experience in cracking passwords using video cards, which in turn derived from his gaming interest in cards. His personal experience may be very helpful to those whose concern about password cracking is not trivial.
