
ElcomSoft blog



Message frequency:  0.21 / day

Message History

This guide continues our ongoing series exploring digital artifacts found on Windows computers and their practical meaning during an investigation. With each new topic, the puzzle becomes more complex because these traces rarely exist in isolation. Modern forensic best practices rely heavily on cross-checking different types of artifacts against one another. By connecting the...



With massive external hard drives and smartphones everywhere, the USB interface continues to be a major channel for data theft and malware infections. For anyone working in digital forensics and incident response, building a solid timeline of when a USB device was plugged in, used, and removed is often essential. Whether you are investigating a departing employee who might ha...



The discipline of digital forensics and incident response relies fundamentally on the persistent, systemic traces left by both legitimate users and malicious actors. The Windows Event Log system serves as a primary chronological record of operating system activity, capturing security events, application behaviors, service and driver activity, and user authentication telemetry...



The release of the checkm8 exploit was a breakthrough for mobile forensics, finally granting investigators verifiable access to the file systems of various Apple devices. This accessibility established the current “gold standard” for extraction: using the bootloader exploit to access the file system and dump it into a simple tar archive. While convenient, a tar archive is mer...



The Windows Registry remains one of the most information-dense repositories for reconstructing system activity and user behavior. Far more than a configuration database, it serves as a critical historical record of execution, data access, and persistence mechanisms across Windows 10 and 11. While automated forensic tools are essential for extracting and parsing this data, the...

