Analyzing the Windows SRUM Database

August 15th, 2025 by Oleg Afonin

When it comes to Windows forensics, some of the most valuable evidence can be stored deep inside system directories the average user never touches. One such source of evidence is the System Resource Usage Monitor (SRUM) database. Introduced in Windows 8 and still shipping today with the latest Windows 11 updates, SRUM collects detailed historical records about application usage and network activity. This database is a perfect source of data for reconstructing the user’s activities during an investigation. In this article, we’ll review the available types of data and demonstrate a way to access the SRUM database by using a bootable tool.


Our Autumn Events Digest

November 6th, 2013 by Olga Koksharova

This fall has been quite rich in IT security events for ElcomSoft. We managed to visit a number of conferences and trade shows in order to, as we say in Russia, see the others and be seen 🙂


Forensic Day in Karlsruhe

September 27th, 2013 by Oleg Afonin

We’ve just returned from Karlsruhe, Germany from an event named FTDay. Hosted by mh-Service, a long-time ElcomSoft partner in Germany, this was a small but quality event. The first day was packed with sessions. The second day was dedicated to practical workshops.


Elcomsoft Phone Password Breaker Enhances iCloud Forensics and Speeds Up Investigations

August 22nd, 2013 by Vladimir Katalov

It’s been a while since we updated Elcomsoft Phone Password Breaker, dedicating our efforts to physical acquisition of iOS devices instead. Well, now that the new iOS Forensic Toolkit is out, it is time to update our classic phone recovery tool.


The New Elcomsoft iOS Forensic Toolkit

July 17th, 2013 by Vladimir Katalov

Soon after releasing the updated version of iOS Forensic Toolkit we started receiving questions about the new product. Did we really break iPhone 5? Does it truly work? Are there limitations, and what can you do about them? We decided to assemble all these questions into a small FAQ. If you’d rather read the full, more technical version of this FAQ, visit the following page instead: Elcomsoft iOS Forensic Toolkit FAQ. Those with a non-technical background, please read along.


REcon 2013: Breaking Apple iCloud

July 3rd, 2013 by Oleg Afonin

I’ve just returned from REcon 2013 held in Montreal, where I talked about breaking iCloud services (everyone: the slides from that presentation are available right here, and the organizers promised a video soon). I spoke about WHY breaking the iCloud, HOW we did it and WHO can use it. I can briefly stop here and elaborate on the points.


ElcomSoft at CEIC 2013: Kindle Fire HD Hunt Succeeded

June 13th, 2013 by Olga Koksharova

The CEIC 2013 conference is over. We were happy to connect with our partners and customers at our booth during the show hours. We’d like to thank everyone who stopped by, and give our special thanks to those providing valuable feedback and suggestions on our products. (To those who wanted to see our tools settled under a single roof: we’re working on it!)


Apple Two-Factor Authentication and the iCloud

May 30th, 2013 by Vladimir Katalov

Finally, two-factor authentication is not a silver bullet. There are scenarios where two-factor authentication simply is not enough. But still, it is a good idea to enable 2FA on all your accounts.


iCloud backups inside out

February 25th, 2013 by Vladimir Katalov

It’s been a while since we released the new version of Elcomsoft Phone Password Breaker that allows downloading backups from iCloud (read the press release). Many customers all over the world are already using this new feature intensively, but we still get many questions about its benefits, examples of cases when it can be used and how to use it properly. We also noticed many ironic comments in different forums (mostly from users who have no experience in using iOS devices and so have no idea what iCloud backups actually are, I guess), saying that there is nothing really new or interesting there, because anyone with an Apple ID and password can access the data stored in an iCloud backup anyway.
