August 15th, 2025 by Oleg Afonin
When it comes to Windows forensics, some of the most valuable evidence can be stored deep inside system directories the average user never touches. One such source of evidence is the System Resource Usage Monitor (SRUM) database. Introduced in Windows 8 and still shipping today with the latest Windows 11 updates, SRUM collects detailed historical records about application usage and network activity. This database is a perfect source of data for reconstructing the user’s activities during an investigation. In this article, we’ll review the available types of data and demonstrate a way to access the SRUM database by using a bootable tool.
April 17th, 2009 by Olga Koksharova
Water cooling, liquid nitrogen, and dry ice – which gets the most out of your ATI Radeon HD 4890 graphics card? Learn it from Zac O’Vadka’s post today.
April 16th, 2009 by Vladimir Katalov
If you have no idea what E-Discovery is, read Crossing the E-Discovery Border: IT and Legal. But if you do, I’d recommend attending this webinar anyway 🙂
April 16th, 2009 by Vladimir Katalov
No, it’s not a typo :). COFEE means Computer Online Forensic Evidence Extractor, actually. Never heard about it? Then read Microsoft supplies Interpol with DIY forensics tool. Just don’t ask where to get it. We have not seen it either.
April 16th, 2009 by Olga Koksharova
And now… we have Rainbow Tables for Microsoft Excel docs with 40-bit encryption. So, it became possible to reach near-instant recovery of 97% of spreadsheets created in MS Excel 97-2003. Unfortunately, due to the specifics of the Excel spreadsheet format, it’s unrealistic to get 100% recovery; still, you can use brute force to cover the remaining 3%.
April 16th, 2009 by Vladimir Katalov
Sad information: Hackers grab more than 285M records in 2008. Just curious, how about Sarbanes-Oxley Act, does it really work? 🙂
April 16th, 2009 by Vladimir Katalov
According to CNET News, Office 14 technical preview will be available in Q3, and release version in the first half of 2010; Office 2010 will come in both 32-bit and 64-bit versions.
April 16th, 2009 by Vladimir Katalov
Our only product that works with ATI cards (right now) is Wireless Security Auditor, but interesting news anyway: ATI Radeon HD 4770 Info Leaked. I’ll second the editor’s opinion that it will make good competition for NVIDIA’s 9800GT (of course, supported by EWSA, too).
April 16th, 2009 by Olga Koksharova
Nice lyrics stir up a hacker’s drowsy morning feelings 🙂
April 15th, 2009 by Katerina Korolkova, Director of Public Relations
Strong passwords are mutated passwords. Everyone who publishes recommendations on creating secure passwords says that you have to use both upper- and lower-case letters and inject some tricky special characters. Such recommendations may result in p@$$words and pAsswOrds, and p_a_s_s_w_o_r_d_s. The fact is that modern password recovery software uses a dictionary attack to get one’s password back. A dictionary attack means searching lists of dictionary words and common phrases that can be found on the Internet or delivered with the software. It is easy to grasp that dictionary words and word phrases make bad passwords, but one has to understand that adding special characters to these words and phrases doesn’t do them any good. Such passwords can be easily cracked when the smart mutations option is on.
April 15th, 2009 by Olga Koksharova
Google made a video tour inside their premises. Looks like an amazing wire-n-hardware gathering: