What TRIM, DRAT, and DZAT Really Mean for SSD Forensics
June 2nd, 2025 by Oleg AfoninIf you’re doing forensic work today, odds are you’re imaging SSDs, not just spinning hard drives. And SSDs don’t behave like HDDs – especially when it comes to deleted files. One key reason: the TRIM command. TRIM makes SSDs behave different to magnetic hard drives when it comes to recovering deleted evidence. This article breaks down what TRIM actually does, how SSDs respond, and what forensic experts need to know when handling modern storage.
Life after Trim: Using Factory Access Mode for Imaging SSD Drives
January 16th, 2019 by Oleg AfoninMany thanks to Roman Morozov, ACELab technical support specialist, for sharing his extensive knowledge and expertise and for all the time he spent ditching bugs in this article.
- iOS Forensic Toolkit 8.70: expanded Apple Watch support and offline agent installation15 May, 2025
- Elcomsoft System Recovery 8.34 adds features, enhances disk imaging speed29 April, 2025
- Elcomsoft System Recovery 8.33 adds built-in log viewer19 December, 2024
- iOS Forensic Toolkit 8.62: bug fixes and performance enhancements22 November, 2024
- Elcomsoft Distributed Password Recovery introduces intelligent load balancing, performance optimizations14 November, 2024