Analyzing the Windows SRUM Database

August 15th, 2025 by Oleg Afonin

When it comes to Windows forensics, some of the most valuable evidence can be stored deep inside system directories the average user never touches. One such source of evidence is the System Resource Usage Monitor (SRUM) database. Introduced in Windows 8 and still shipping today with the latest Windows 11 updates, SRUM collects detailed historical records about application usage and network activity. This database is a perfect source of data for reconstructing the user’s activities during an investigation. In this article, we’ll review the available types of data and demonstrate a way to access the SRUM database by using a bootable tool.


CCFC 2010

July 1st, 2010 by Andrey Belenko

For the third time we've been invited to Beijing, China to participate in CCFC (China Computer Forensic Conference), to talk about password recovery and to conduct a workshop on password recovery tools. Like the two previous times, CCFC was great this time as well. Lots of visitors, a very nice audience and lots of smart questions. On the first day of the conference I gave a talk on password recovery (mostly very generic and not very in-depth) and I'd like to share the slides of that talk.


0-day

June 21st, 2010 by Andrey Belenko

It’s been two weeks since Steve Jobs announced the release of the new iPhone 4 and the iOS 4 operating system during his keynote at WWDC’2010. The new iPhone will begin shipping on Thursday, the 24th of June, and the new iOS will become available for download today; just a few hours are left.


Password Usage Behavior Survey, Take 2

June 15th, 2010 by Olga Koksharova

Hello! Yet again, we have launched a survey on password usage behavior.


‘Casual and Secure’ Friday Post

May 14th, 2010 by Katerina Korolkova, Director of Public Relations

German law has always been strict about any possible security breaches. This week a German court ordered that anyone using wireless networks should protect them with a password so that third parties could not download data illegally.


ATI is at it. Again.

May 12th, 2010 by Andrey Belenko

Two months ago I wrote a blog post "ATI and NVIDIA: Making Friends out of Enemies" where (among other things) I wrote:


Elcomsoft iPhone Password Breaker

May 7th, 2010 by Andrey Belenko

Last week we released our new product, EPPB, out of beta. We have fixed some bugs, polished GPU acceleration support, and added support for the Tableau TACC1441 hardware accelerator, making this program the world's first program capable of utilizing the computing power of GPUs from both ATI and NVIDIA as well as dedicated hardware accelerators aimed primarily at computer forensics specialists. We have also included the ability to run brute-force attacks and not only wordlist-based attacks. The latter were improved with the ability to enable or disable individual types of password mutations and set a customized level for any of them.


ElcomSoft at EuroForensics 2010 in Turkey

April 2nd, 2010 by Alexandra Tsybulskaya

We are hurrying to inform you about our adventures in one of the most beautiful cities of the Euro-Asian region, Istanbul. This March we were lucky to have a chance to participate in a big international event focused on forensics and security in Turkey, namely EuroForensics 2010, thanks to our Turkish partners Forensic People, organizers and hosts of the event.


ATI and NVIDIA: Making Friends out of Enemies

March 12th, 2010 by Andrey Belenko

There has been a long-standing competition between NVIDIA and ATI which has lasted for years now. And there is no winner so far — just like with the Windows vs. Linux or PC vs. Mac debate, there are those who prefer the former and others who prefer the latter. Kind of a «religious» issue.
