When it comes to Windows forensics, some of the most valuable evidence can be stored deep inside system directories the average user never touches. One such source of evidence is the System Resource Usage Monitor (SRUM) database. Introduced in Windows 8 and still shipping today with the latest Windo| ElcomSoft blog
Artificial intelligence is everywhere - from phones that guess your next move to fridges that shop for you. It's only natural to ask whether AI can help in a more serious domain: digital forensics, specifically password cracking. The idea sounds promising: use large language models (LLMs) to produce| ElcomSoft blog
If you're doing forensic work today, odds are you’re imaging SSDs, not just spinning hard drives. And SSDs don’t behave like HDDs - especially when it comes to deleted files. One key reason: the TRIM command. TRIM makes SSDs behave different to magnetic hard drives when it comes to recovering delete| ElcomSoft blog
We've released an important update to iOS Forensic Toolkit: the Toolkit expands logical acquisition to all newer models of Apple Watch starting from Apple Watch Series 6 (with a wired third-party adapter), Apple Watch Series 7 through 10, SE2, Ultra, and Ultra 2 (via a special wireless adapter). Wit| ElcomSoft blog
We updated Elcomsoft System Recovery to version 8.34. This release focuses on expanding the tool's data acquisition capabilities, improving disk imaging performance, and adding BitLocker recovery key extraction for systems managed via Active Directory. Here's a technical breakdown of the changes.| ElcomSoft blog
Forensic acquisition has undergone significant changes in recent years. In the past, acquisition was relatively easy, with storage media easily separable and disk encryption not yet widespread. However, with the rise of mobile devices and their built-in encryption capabilities, acquiring data has be| ElcomSoft blog
We recently shared an article about maximizing disk imaging speeds, which sparked a lot of feedback from our users and, surprisingly, from the developers of one of the disk imaging tools who quickly released an update addressing the issues we discovered in the initial test round. We did an additiona| ElcomSoft blog
Low-level extraction enables access to all the data stored in the iOS device. Previously, sideloading the extraction agent for imaging the file system and decrypting keychain required enrolling one’s Apple ID into Apple’s paid Developer Program if one used a Windows or Linux PC. Mac users could util| ElcomSoft blog
In a controversial move, Apple is implementing major changes to its U.S. iOS App Store policies, granting developers the ability to direct customers to non-App Store purchasing options for digital goods. This update permits users to make in-app purchases through an alternative method. However, Apple| ElcomSoft blog