Upgrade to Pro — share decks privately, control downloads, hide ads and more …

SRUM Forensics

Avatar for Veronica Schmitt Veronica Schmitt
October 26, 2018
Technology
0
600

SRUM Forensics

Delving into the world of SRUM forensics.

Avatar for Veronica Schmitt

Veronica Schmitt

October 26, 2018
Tweet

More Decks by Veronica Schmitt

See All by Veronica Schmitt
The Autopsy of the PHOENIX X36 Hemodialysis System
Avatar for Veronica Schmitt velandra666
2
1k

Other Decks in Technology

See All in Technology
メモ整理が苦手な者による頑張らないObsidian活用術
Avatar for OPTiM optim
1
160
モバイルゲームの開発を支える基盤の歩み ~再現性のある開発ラインを量産する秘訣~
Avatar for QualiArts qualiarts
0
920
人と生成AIの協調意思決定/Co‑decision making by people and generative AI
Avatar for moriyuya moriyuya
0
220
【CEDEC2025】LLMを活用したゲーム開発支援と、生成AIの利活用を進める組織的な取り組み
Avatar for Cygames cygames
PRO
1
2k
大規模イベントを支える ABEMA の アーキテクチャ 変遷 2025
Avatar for Katsutoshi Nagaoka nagapad
4
580
P2P ではじめる WebRTC のつまづきどころ
Avatar for tnoho tnoho
1
280
怖くない!GritQLでBiomeプラグインを作ろうよ
Avatar for 晴れ井戸 pal4de
1
150
AI時代の経営、Bet AI Vision #BetAIDay
Avatar for LayerX layerx
PRO
0
210
生成AIによる情報システムへのインパクト
Avatar for Takaaki Yayoi taka_aki
1
220
AI時代の知識創造 ─GeminiとSECIモデルで読み解く “暗黙知”と創造の境界線
Avatar for Yukinaga OISHI nyagasan
0
170
増え続ける脆弱性に立ち向かう: 事前対策と優先度づけによる 持続可能な脆弱性管理 / Confronting the Rise of Vulnerabilities: Sustainable Management Through Proactive Measures and Prioritization
Avatar for NTT docomo Business nttcom
1
230
公開初日に個人環境で試した Gemini CLI 体験記など / Gemini CLI実験レポート
Avatar for you(@youtoy) you
PRO
3
1.2k

Featured

See All Featured
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
35
2.5k
Mobile First: as difficult as doing things right
Avatar for Swwweet swwweet
223
9.7k
Making Projects Easy
Avatar for Brett Harned brettharned
117
6.3k
Reflections from 52 weeks, 52 projects
Avatar for Jefferson Lam jeffersonlam
351
21k
Typedesign – Prime Four
Avatar for Hannes Fritz hannesfritz
42
2.7k
StorybookのUI Testing Handbookを読んだ
Avatar for Shingo Yamazaki zakiyama
30
5.9k
How to Think Like a Performance Engineer
Avatar for Harry Roberts csswizardry
25
1.8k
Code Reviewing Like a Champion
Avatar for maltzj maltzj
524
40k
Side Projects
Avatar for Sacha Greif sachag
455
43k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
Avatar for Tammy Everts tammyeverts
53
2.9k
The Success of Rails: Ensuring Growth for the Next 100 Years
Avatar for Eileen M. Uchitelle eileencodes
45
7.5k
Intergalactic Javascript Robots from Outer Space
Avatar for Vicent Martí tanoku
272
27k

Transcript

  1. Veronica Schmitt

  2. whoami Veronica Schmitt P01z0n_P1x13 Slides Published online: • https://medium.com/ •

    @P01z0n_P1x13 • [email protected] • www.dfirlabs.com
  3. None

  4. What does it monitor? 1 3 5 2 4

  5. • • • • • • •

  6. NOT AVAILABLE

  7. None
  8. None
  9. None

  10. SRUM Energy Usage (Long Term)

  11. None
  12. None
  13. None
  14. None

  15. • Timestamps are in UTC in OLE format (64 bits)

    and FILETIME format (64 bits) • Network interfaces are specified as InterfaceLuid (NET_LUID)
  16. None
  17. None

  18. Prefetch file records start time of process, not duration

  19. • Prefetch only retains last 8 start times, no record

    of prior runs • SRUM can tell you if an app was run or not
  20. None

  21. Downloads to Ares and Utorrent and he was running OpenVPN

  22. Application Resource Manager

  23. None
  24. None

  25. Energy Usage

  26. Well, what did we find...

  27. • Utorrent and Ares downloading. • Network connected to and

    total downloads. • TOR being used • Veracrypt • Ccleaner being run. • OpenVPN being used • Skype Activity • Viber Chat Activity

  28. Using srum-dump-master https://github.com/MarkBaggett/srum-dump LET'S DO THIS

  29. None