Analyzing the Windows SRUM Database
August 15th, 2025 by Oleg Afonin
When it comes to Windows forensics, some of the most valuable evidence can be stored deep inside system directories the average user never touches. One such source of evidence is the System Resource Usage Monitor (SRUM) database. Introduced in Windows 8 and still shipping today with the latest Windows 11 updates, SRUM collects detailed historical records about application usage and network activity. This database is a perfect source of data for reconstructing the user’s activities during an investigation. In this article, we’ll review the available types of data and demonstrate a way to access the SRUM database by using a bootable tool.
CCFC 2010
July 1st, 2010 by Andrey Belenko
For the third time we've been invited to Beijing, China to participate in CCFC (China Computer Forensic Conference), to talk about password recovery and to conduct workshop on password recovery tools. Like two previous times, this time CCFC also was great. Lots of visitors, very nice audience and lots of smart questions. On the first day of conference I gave a talk on password recovery (mostly very generic and not very in-depth) and I'd like to share slides of that talk.
0-day
June 21st, 2010 by Andrey Belenko
It’s been two weeks since Steve Jobs has announced release of new iPhone 4 and iOS 4 operating system during his keynote on WWDC’2010. New iPhone will begin shipping on Thursday, 24th of June, and new iOS will become available for download today, just few hours are left.
Password Usage Behavior Survey, Take 2
June 15th, 2010 by Olga Koksharova
Hello! Yet again, we have launched a survey on password usage behavior.
‘Casual and Secure’ Friday Post
May 14th, 2010 by Katerina Korolkova, Direktur Humas
German law has always been strict about any possible security breaches. This week German court ordered that anyone using wireless networks should protect them with a password so the third party could not download data illegally.
ATI is at it. Again.
May 12th, 2010 by Andrey Belenko
Two months ago I wrote a blog post "ATI and NVIDIA: Making Friends out of Enemies" where (among other things) I wrote:
Elcomsoft iPhone Password Breaker
May 7th, 2010 by Andrey Belenko
Last week we have released our new product, EPPB, out of beta. We have fixed some bugs, polished GPU acceleration support, added support for Tableau TACC1441 hardware accelerator, making this program the world's first program capable of utilizing computing power of GPUs both from ATI and NVIDIA as well as dedicated hardware accelerators aimed primarily on computer forensics specialists. We have also included ability to run brute-force attacks and not only wordlist-based attacks. Latter were improved with ability to enable/disable individual types of password mutations and set customized level to any of them.
ElcomSoft at EuroForensics 2010 in Turkey
April 2nd, 2010 by Alexandra Tsybulskaya
Hurrying to inform you about our adventures in one of the most beautiful cities of Euro-Asian region, Istanbul. This March we were lucky to have a chance of participating in a big forensics and security focused international event in Turkey, namely EuroForensics 2010, thanks to our Turkish partners Forensic People, organizers & hosts of the event.
ATI and NVIDIA: Making Friends out of Enemies
March 12th, 2010 by Andrey Belenko
There had been a long standing competition between NVIDIA and ATI which has lasted for years now. And there is no winner so far — just like with Windows vs. Linux or PC vs. Mac debate there are ones who prefer the former and others who prefer the latter. Kind of «religious» issue.
