Analyzing the Windows SRUM Database

August 15th, 2025 by Oleg Afonin

When it comes to Windows forensics, some of the most valuable evidence can be stored deep inside system directories the average user never touches. One such source of evidence is the System Resource Usage Monitor (SRUM) database. Introduced in Windows 8 and still shipping today with the latest Windows 11 updates, SRUM collects detailed historical records about application usage and network activity. This database is a perfect source of data for reconstructing the user’s activities during an investigation. In this article, we’ll review the available types of data and demonstrate a way to access the SRUM database by using a bootable tool.


Yahoo!, Dropbox and Battle.net Hacked: Stopping the Chain Reaction

February 14th, 2013 by Vladimir Katalov

Major security breaches are occurring in quick succession, one after another. Is it a chain reaction? How do we stop it?


Norwegian Teenagers Hacking iCloud Accounts

February 7th, 2013 by Olga Koksharova

A few days ago, we received the following communication from an obsessed password researcher and our long-standing friend (quoted with his permission):


ElcomSoft Decrypts BitLocker, PGP and TrueCrypt Containers

December 20th, 2012 by Vladimir Katalov

BitLocker, PGP and TrueCrypt set the industry standard in the area of whole-disk and partition encryption. All three tools provide strong, reliable protection, and offer a perfect implementation of strong crypto.
