Analyzing the Windows SRUM Database

August 15th, 2025 by Oleg Afonin

When it comes to Windows forensics, some of the most valuable evidence can be stored deep inside system directories the average user never touches. One such source of evidence is the System Resource Usage Monitor (SRUM) database. Introduced in Windows 8 and still shipping today with the latest Windows 11 updates, SRUM collects detailed historical records about application usage and network activity. This database is a perfect source of data for reconstructing the user’s activities during an investigation. In this article, we’ll review the available types of data and demonstrate a way to access the SRUM database by using a bootable tool.


New password-cracking hardware

February 19th, 2010 by Vladimir Katalov

Some time ago we wrote about the smallest password cracking device. Not suitable for you? No problem, here is another one: not as small, but definitely more powerful: Audi. Yes, it's a car. No, we're not kidding. Just read the "NVIDIA and Audi Marry Silicon Valley Technology with German Engineering" press release from NVIDIA. Or, if you need more information, "The New MMI Generation from Audi" might also be helpful. In brief: the Audi A8 luxury sedan is equipped with an entertainment system that uses two GPUs from NVIDIA. We have no idea what these chips are (maybe Fermi?) or whether it is technically possible to load our own code onto them, but it's still funny, isn't it? 🙂


iPhone/iPod Backup Password Recovery

February 4th, 2010 by Andrey Belenko

Today we are pleased to unveil the first public beta of our new product, Elcomsoft iPhone Password Breaker, a tool designed to address password recovery of password-protected iPhone and iPod Touch backups made with iTunes.


It was Data Privacy Day… our warmest congratulations!

January 29th, 2010 by Olga Koksharova

ElcomSoft always has yet another pair of eyes for your privacy… 🙂


123 Out Goes… Your Password

January 22nd, 2010 by Katerina Korolkova, PR Director

About a month ago, a SQL Injection flaw was found in the database of RockYou.com, a website dealing with social networking applications. The Tech Herald reports that 32.6 million passwords were exposed and posted online due to the flaw. The complete examination of the passwords from the list showed that the passwords in question are not only short, as RockYou.com allows creating 5-character passwords, but also alphanumeric only.


The 5th China Computer Forensics Conference

December 17th, 2009 by Olga Koksharova

So, they are back from CCFC (Beijing) where Vladimir, Andrew, and Dmitry made their speeches and listened to those given by other reps. Here is a follow-up of the conference with nice shots kindly taken by a keen “shooter” Dmitry Sklyarov 😉 But first of all, we’d like to thank Sprite Guo for taking care of all preparations and perfect managing throughout the whole conference – our BIG thank you!


New sweeping WPA Cracker & its alternatives

December 8th, 2009 by Alexandra Tsybulskaya

It’s a well-known fact that WPA-PSK networks are vulnerable to dictionary attacks, though one cannot but admit that running a respectable-sized dictionary over a WPA network handshake can take days or weeks.


ElcomSoft at it-sa, Nuremberg, Germany

October 14th, 2009 by Katerina Korolkova, PR Director

IT-SA-Expo is going very well and our presentation at the Technical Forum (Forum Blau) was a success – thanks to Rene Mathes, who gave the presentation, and 8com GmbH. The talk was about how one speeds up the hash recovery process with the parallelizing CUDA technology. If you happen to be in Nuremberg, Germany, visit our booth at Hall 6 (Stand 542).


Need to protect your VBA macro? Simply damage the file!

October 8th, 2009 by Andrey Malyshev

One of our customers sent me two Excel XLA add-ins. When I tried to open that file in the VBA Editor, the "Project is locked" message appeared. The add-in had already been unlocked by our VBA password recovery tool. According to a Microsoft article, this message may appear in two cases: when the macro is protected by a password or when it is digitally signed. I analysed the macro password record and found that the password is empty. MS Excel also showed me that the macro has no digital signatures. Then I looked into the protection record with more attention and, for example, found that:
