Analyzing the Windows SRUM Database

August 15th, 2025 by Oleg Afonin

When it comes to Windows forensics, some of the most valuable evidence can be stored deep inside system directories the average user never touches. One such source of evidence is the System Resource Usage Monitor (SRUM) database. Introduced in Windows 8 and still shipping today with the latest Windows 11 updates, SRUM collects detailed historical records about application usage and network activity. This database is a perfect source of data for reconstructing the user’s activities during an investigation. In this article, we’ll review the available types of data and demonstrate a way to access the SRUM database by using a bootable tool.

Read the rest of this entry »

Canon cannot or mustn’t provide image validation feature?

November 30th, 2010 by Olga Koksharova

A true security system cannot be so fragile: Canon Original Data Security broken…

Read the rest of this entry »

Firefox, Safari, Opera, and Chrome Passwords Cracked

November 11th, 2010 by Olga Koksharova

What is a Web browser for you? It’s virtually a whole world, all together: web sites, blogging, photo and video sharing, social networks, instant messaging, shopping… did I forget anything? Oh yes, logins and passwords. 🙂  Set an account here, sign in there, register here and sing up there – everywhere you need logins and passwords to confirm your identity.

Read the rest of this entry »

Hacking For Dummies, 3rd Edition by Kevin Beaver

November 2nd, 2010 by Olga Koksharova

Although this new book is on sale from January this year, we are happy to officially say our words of gratitude to Kevin Beaver and advise it to you.

Read the rest of this entry »

Smartphone Forensics: Cracking BlackBerry Backup Passwords

September 30th, 2010 by Vladimir Katalov

BlackBerry dominates the North American smartphone market, enjoying almost 40 per cent market share. A 20 per cent worldwide market share isn’t exactly a bad thing, too. The total subscriber base for the BlackBerry platform is more than 50 million users.

Read the rest of this entry »

Mind your passwords, make them different

September 17th, 2010 by Olga Koksharova

XKCD posted quite nice comics with a reallife problem behind them. It is very likely that some Web-services do as described, either sell such info to third parties or use it for evil purposes. Our recommendation is if you cannot trust some of the websites, choose another unique password for them. It would be even wiser if you had different passwords for all websites you visit. Some even unimportant websites can aslo be cracked and even if they (better to say your data stored there) have no value at all, your password, can be tried for Facebook or LinkedIn, hopefully in vain.

Read the rest of this entry »

iPhone 4 Performance

September 15th, 2010 by Andrey Belenko

Finally, we’ve got our first iPhone 4 in office. And what was the first thing we did with it? Yes, test its performance to complete table in my previous post.

Read the rest of this entry »

Measuring iPhone Performance

August 5th, 2010 by Andrey Belenko

I’ve had plans to create some kind of performance measurement app for iPhone/iPod/iPad for quite a bit time of already, and after reading recent reports that iOS 4 is very slow on iPhone 3G I thought that time had finally come.

Read the rest of this entry »

Peeking Inside Keychain Secrets

August 5th, 2010 by Andrey Belenko

Today we have released Elcomsoft iPhone Password Breaker 1.20 which introduces two new features and fixes few minor issues.

Read the rest of this entry »

Something new….

July 15th, 2010 by Alexandra Tsybulskaya

According to the preliminary results of our latest questionnaire (ElcomSoft Customer Reference program Questionnaire) the majority of people forget their passwords when returned from holidays, thus being blocked out from the precious information they have on the PC.
I bet that lots of people found themselves or those around in a similar situation at least once. Let me share my personal experience with you. One of my friends, having returned from the vacation in a tropical paradise, was pleased to see a new computer at her desk (while she was away the company renewed some of the machines) and at the same time very much discouraged and upset to find out that many of her passwords remained in her old pc and she didn't bother herself to save them anywhere else. So the access to the mail account from her new modern PC was forbidden, as well as access to several password-protected websites (from social networks to online banking).  Nothing to be happy with, isn’t it?!! But such a story no longer has a sad ending due to the release of Elcom’s new recovery tool, namely ElcomSoft Internet Password Breaker. In the above described situation EINPB revealed necessary passwords stored in the old computer, thus letting a person replace the password-protected data from one machine to another.  One more important remark in this respect is that my friend didn’t have to seek help of the “user-unfriendly sysadmin” 🙂

Read the rest of this entry »