Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
SRUM Forensics
Search
Veronica Schmitt
October 26, 2018
Technology
0
530
SRUM Forensics
Delving into the world of SRUM forensics.
Veronica Schmitt
October 26, 2018
Tweet
Share
More Decks by Veronica Schmitt
See All by Veronica Schmitt
The Autopsy of the PHOENIX X36 Hemodialysis System
velandra666
2
950
Other Decks in Technology
See All in Technology
権威ドキュメントで振り返る2024 #年忘れセキュリティ2024
hirotomotaguchi
2
740
複雑性の高いオブジェクト編集に向き合う: プラガブルなReactフォーム設計
righttouch
PRO
0
110
Amazon VPC Lattice 最新アップデート紹介 - PrivateLink も似たようなアップデートあったけど違いとは
bigmuramura
0
190
ずっと昔に Star をつけたはずの 思い出せない GitHub リポジトリを見つけたい!
rokuosan
0
150
生成AIをより賢く エンジニアのための RAG入門 - Oracle AI Jam Session #20
kutsushitaneko
4
220
Oracle Cloudの生成AIサービスって実際どこまで使えるの? エンジニア目線で試してみた
minorun365
PRO
4
280
PHPからGoへのマイグレーション for DMMアフィリエイト
yabakokobayashi
1
170
GitHub Copilot のテクニック集/GitHub Copilot Techniques
rayuron
33
13k
大幅アップデートされたRagas v0.2をキャッチアップ
os1ma
2
530
20241220_S3 tablesの使い方を検証してみた
handy
4
390
10個のフィルタをAXI4-Streamでつなげてみた
marsee101
0
170
Snykで始めるセキュリティ担当者とSREと開発者が楽になる脆弱性対応 / Getting started with Snyk Vulnerability Response
yamaguchitk333
2
180
Featured
See All Featured
Producing Creativity
orderedlist
PRO
341
39k
Fashionably flexible responsive web design (full day workshop)
malarkey
405
66k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
26
1.5k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
17
2.3k
Building Flexible Design Systems
yeseniaperezcruz
327
38k
Code Reviewing Like a Champion
maltzj
520
39k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5.1k
Music & Morning Musume
bryan
46
6.2k
Optimising Largest Contentful Paint
csswizardry
33
3k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
191
16k
Transcript
Veronica Schmitt
whoami Veronica Schmitt P01z0n_P1x13 Slides Published online: • https://medium.com/ •
@P01z0n_P1x13 •
[email protected]
• www.dfirlabs.com
None
What does it monitor? 1 3 5 2 4
• • • • • • •
NOT AVAILABLE
None
None
None
SRUM Energy Usage (Long Term)
None
None
None
None
• Timestamps are in UTC in OLE format (64 bits)
and FILETIME format (64 bits) • Network interfaces are specified as InterfaceLuid (NET_LUID)
None
None
Prefetch file records start time of process, not duration
• Prefetch only retains last 8 start times, no record
of prior runs • SRUM can tell you if an app was run or not
None
Downloads to Ares and Utorrent and he was running OpenVPN
Application Resource Manager
None
None
Energy Usage
Well, what did we find...
• Utorrent and Ares downloading. • Network connected to and
total downloads. • TOR being used • Veracrypt • Ccleaner being run. • OpenVPN being used • Skype Activity • Viber Chat Activity
Using srum-dump-master https://github.com/MarkBaggett/srum-dump LET'S DO THIS
None
velandra666
hirotomotaguchi
righttouch
bigmuramura
rokuosan
kutsushitaneko
minorun365
yabakokobayashi
rayuron
os1ma
handy
marsee101
yamaguchitk333
orderedlist
malarkey
bluesmoon
chriscoyier
aarron
eileencodes
yeseniaperezcruz
maltzj
reverentgeek
bryan
csswizardry
afnizarnur
