Analyzing the Windows SRUM Database
August 15th, 2025 by Oleg Afonin
When it comes to Windows forensics, some of the most valuable evidence can be stored deep inside system directories the average user never touches. One such source of evidence is the System Resource Usage Monitor (SRUM) database. Introduced in Windows 8 and still shipping today with the latest Windows 11 updates, SRUM collects detailed historical records about application usage and network activity. This database is a perfect source of data for reconstructing the user’s activities during an investigation. In this article, we’ll review the available types of data and demonstrate a way to access the SRUM database by using a bootable tool.
New password-cracking hardware
February 19th, 2010 by Vladimir Katalov
Some time ago we wrote about the smallest password cracking device. Not suitable for you? No problem, here is another one: not as small, but definitely more powerfull: Audi. Yes, it's a car. No, we're not kidding. Just read NVIDIA and Audi Marry Silicon Valley Technology with German Engineering press release from NVIDIA. Or if you need more information, The New MMI Generation from Audi might be also helpful. In brief: Audi A8 luxury sedan is equipped with an entertainment system that uses two GPUs from NVIDIA. We have no idea what are these chips (may be Fermi?) and is it technically possible to load our own code to them, but still funny, isn't it? 🙂
iPhone/iPod Backup Password Recovery
February 4th, 2010 by Andrey Belenko
Today we are pleased to unveil the first public beta of our new product, Elcomsoft iPhone Password Breaker, a tool designed to address password recovery of password-protected iPhone and iPod Touch backups made with iTunes.
It was Data Privacy Day… our warmest congratulations!
January 29th, 2010 by Olga Koksharova
ElcomSoft always have yet another pair of eyes for your privacy… 🙂
123 Out Goes… Your Password
January 22nd, 2010 by Katerina Korolkova, Direktur Humas
About a month ago, a SQL Injection flaw was found in the database of RockYou.com, a website dealing with social networking applications. The Tech Herald reports that 32.6 million passwords were exposed and posted online due to the flaw. The complete examination of the passwords from the list showed that the passwords in question are not only short as RockYou.com allows creating 5-character-passwords but also alphanumeric only.
The 5th China Computer Forensics Conference
December 17th, 2009 by Olga Koksharova
So, they are back from CCFC (Beijing) where Vladimir, Andrew, and Dmitry made their speeches and listened to those given by other reps. Here is a follow-up of the conference with nice shots kindly taken by a keen “shooter” Dmitry Sklyarov 😉 But first of all, we’d like to thank Sprite Guo for taking care of all preparations and perfect managing throughout the whole conference – our BIG thank you!
New sweeping WPA Cracker & its alternatives
December 8th, 2009 by Alexandra Tsybulskaya
It’s a well-know fact that WPA-PSK networks are vulnerable to dictionary attacks, though one cannot but admit that running a respectable-sized dictionary over a WPA network handshake can take days or weeks.
ElcomSoft at it-sa, Nuremberg, Germany
October 14th, 2009 by Katerina Korolkova, Direktur Humas
IT-SA-Expo goes on very well and our presentation at the Technical Forum (Forum Blau) was a success – thanks to Rene Mathes who gave out the presentation and 8com GmbH. The talk was about how one speeds up the hash recovery process with the parallelizing CUDA technology. If you happen to be in Nuremberg, Germany, visit our booth at Hall 6 (Stand 542).
Need to protect your VBA macro ? Simply damage the file !
October 8th, 2009 by Andrey Malyshev
One of our customers sent me two Excel XLA add-ins. When I tried to open that file in the VBA Editor — the "Project is locked" message appeared. Add-in has been already unlocked by our VBA password recovery tool. According to Microsoft article this message may appear in two cases: when the macro is protected by password or when it is digitally signed. I analysed the macro password record and found that the password is empty. MS Excel also showed me that macro have no any digital signatures. Then I looked into protection record with more attention and for example found that:
