Upgrade to Pro — share decks privately, control downloads, hide ads and more …

SRUM Forensics

Sponsored · Ship Features Fearlessly Turn features on and off without deploys. Used by thousands of Ruby developers.
Avatar for Veronica Schmitt Veronica Schmitt
October 26, 2018
Technology
0
660

SRUM Forensics

Delving into the world of SRUM forensics.

Avatar for Veronica Schmitt

Veronica Schmitt

October 26, 2018
Tweet

More Decks by Veronica Schmitt

See All by Veronica Schmitt
The Autopsy of the PHOENIX X36 Hemodialysis System
Avatar for Veronica Schmitt velandra666
2
1.1k

Other Decks in Technology

See All in Technology
Bill One 開発エンジニア 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
5
18k
Escape from Excel方眼紙 ~マークダウンで繋ぐ、人とAIの架け橋~ /nikkei-tech-talk44
Avatar for 日本経済新聞社 エンジニア採用事務局 nikkei_engineer_recruiting
0
190
AIエージェント勉強会第3回 エージェンティックAIの時代がやってきた
Avatar for Y.Miyado ymiya55
0
100
LLMに何を任せ、何を任せないか
Avatar for an cap120
10
4.1k
品質を経営にどう語るか #jassttokyo / Communicating the Strategic Value of Quality to Executive Leadership
Avatar for kyonmm kyonmm
PRO
3
1.2k
Phase03_ドキュメント管理
Avatar for overflow ,Inc overflowinc
0
2.3k
AI時代のIssue駆動開発のススメ
Avatar for Atsushi Nakatsugawa moongift
PRO
0
150
Phase09_自動化_仕組み化
Avatar for overflow ,Inc overflowinc
0
1.5k
ABEMAのバグバウンティの取り組み
Avatar for Kurochan kurochan
1
610
Phase06_ClaudeCode実践
Avatar for overflow ,Inc overflowinc
0
1.8k
データマネジメント戦略Night - 4社のリアルを語る会
Avatar for Tatsuya Koreeda ktatsuya
1
210
Goのerror型がシンプルであることの恩恵について理解する
Avatar for yamatai12 yamatai1212
1
300

Featured

See All Featured
Sam Torres - BigQuery for SEOs
Avatar for Tech SEO Connect techseoconnect
PRO
0
220
Abbi's Birthday
Avatar for Violet Bock coloredviolet
2
5.6k
The Limits of Empathy - UXLibs8
Avatar for Cassini Nazir cassininazir
1
270
Become a Pro
Avatar for Speaker Deck speakerdeck
PRO
31
5.9k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
Avatar for Chris Coyier chriscoyier
508
140k
The SEO Collaboration Effect
Avatar for Kristina Bergwall kristinabergwall1
0
400
A brief & incomplete history of 
UX Design for the World Wide Web: 1989–2019
Avatar for Jason CranfordTeague jct
1
330
How To Speak Unicorn (iThemes Webinar)
Avatar for Michelle Schulp Hunt marktimemedia
1
410
Distributed Sagas: A Protocol for Coordinating Microservices
Avatar for Caitie McCaffrey caitiem20
333
22k
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
72
12k
New Earth Scene 8
Avatar for Sydney Stone popppiees
1
1.8k
Leading Effective Engineering Teams in the AI Era
Avatar for Addy Osmani addyosmani
9
1.8k

Transcript

  1. Veronica Schmitt

  2. whoami Veronica Schmitt P01z0n_P1x13 Slides Published online: • https://medium.com/ •

    @P01z0n_P1x13 • [email protected] • www.dfirlabs.com
  3. None

  4. What does it monitor? 1 3 5 2 4

  5. • • • • • • •

  6. NOT AVAILABLE

  7. None
  8. None
  9. None

  10. SRUM Energy Usage (Long Term)

  11. None
  12. None
  13. None
  14. None

  15. • Timestamps are in UTC in OLE format (64 bits)

    and FILETIME format (64 bits) • Network interfaces are specified as InterfaceLuid (NET_LUID)
  16. None
  17. None

  18. Prefetch file records start time of process, not duration

  19. • Prefetch only retains last 8 start times, no record

    of prior runs • SRUM can tell you if an app was run or not
  20. None

  21. Downloads to Ares and Utorrent and he was running OpenVPN

  22. Application Resource Manager

  23. None
  24. None

  25. Energy Usage

  26. Well, what did we find...

  27. • Utorrent and Ares downloading. • Network connected to and

    total downloads. • TOR being used • Veracrypt • Ccleaner being run. • OpenVPN being used • Skype Activity • Viber Chat Activity

  28. Using srum-dump-master https://github.com/MarkBaggett/srum-dump LET'S DO THIS

  29. None