ElcomSoft blog

Analyzing the Windows SRUM Database

August 15th, 2025 by Oleg Afonin

When it comes to Windows forensics, some of the most valuable evidence can be stored deep inside system directories the average user never touches. One such source of evidence is the System Resource Usage Monitor (SRUM) database. Introduced in Windows 8 and still shipping today with the latest Windows 11 updates, SRUM collects detailed historical records about application usage and network activity. This database is a perfect source of data for reconstructing the user’s activities during an investigation. In this article, we’ll review the available types of data and demonstrate a way to access the SRUM database by using a bootable tool.

Read the rest of this entry »

The era of cyber tsars

May 27th, 2009 by Olga Koksharova

It seems like monarchy is to reign in the cyber world. During the last weeks mass media heavily speak about the need of finding a proper authority who will be responsible for electronic information security issues: Obama seeks one for the White House, whereas EU commissioner for information society and media (Viviane Reding) announces that "Europe needs a ‘Mister Cyber Security’ as we have a ‘Mister Foreign Affairs’, a security tsar with authority to act immediately if a cyber attack is underway.”

Read the rest of this entry »

Intel news: Larrabee delayed, Nehalem-EX Xeon previewed

May 27th, 2009 by Vladimir Katalov

First of all, sad news: Intel Larrabee is delayed till 2010 (we were expecting it in Q4’2009), according to the reports. With 32 cores onboard (though this number is not confirmed yet), it looks like a very good system for password cracking. Some Larrabee development tools and resources are already available, and of course, we’re porting our code to this platform, and will share the results with you as soon as we’ll be able to (we’re under the NDA with Intel; as well as with Nvidia and AMD :)).

Read the rest of this entry »

Living to the 64-bit rhythms

May 26th, 2009 by Olga Koksharova

All modern AMD and Intel processors are 64-bit and corresponding Windows versions are also on the market. It is highly recommended to use 64-bit systems (though 32-bit systems perfectly work on 64-bit processors) because in this case more than 3 Gb RAM can be employed, and today we have lots and lots of 64-bit systems, so it’s getting more and more critical.

Read the rest of this entry »

Adobe PDF security

May 22nd, 2009 by Vladimir Katalov

Wow, Adobe rethinks PDF security. Curious why? Because of vulnerabilities in Abobe Reader (and so zero-day exploits), of course. From the article:

Read the rest of this entry »

Best graphics cards

May 22nd, 2009 by Vladimir Katalov

We wrote about Cost-effective video cards recently, but what about better ones, if the prise does not really matter? Just read Best Of The Best: High-End Graphics Card Roundup at Tom’s Hardware. Large. Expensive. Power-consuming. But really fast — so best choice if you deal with GPU acceleration.

Read the rest of this entry »

Thunder Tables™ Explained

May 21st, 2009 by Andrey Belenko

From time to time we’re receiving questions regarding various technologies used in our products, especially Thunder Tables™ and GPU acceleration. Today I’d like to explain what exactly Thunder Tables™ is (and what it’s not).

Read the rest of this entry »

Frequently Asked Question: Advanced Office Password RECOVERY or Advanced Office Password BREAKER?

May 20th, 2009 by Olga Koksharova

Time is money, difficult to contradict this fact. And another proven fact is that you lose something exactly when something turns out to be absolutely necessary. Once you lost a password to your Word document or presentation that you were going to give in an hour, or Excel report which was supposed to be sent to your manager yesterday… you will count seconds before you get back your files.

Read the rest of this entry »