Upgrade to Pro — share decks privately, control downloads, hide ads and more …

SRUM Forensics

Avatar for Veronica Schmitt Veronica Schmitt
October 26, 2018
Technology
0
640

SRUM Forensics

Delving into the world of SRUM forensics.

Avatar for Veronica Schmitt

Veronica Schmitt

October 26, 2018
Tweet

More Decks by Veronica Schmitt

See All by Veronica Schmitt
The Autopsy of the PHOENIX X36 Hemodialysis System
Avatar for Veronica Schmitt velandra666
2
1.1k

Other Decks in Technology

See All in Technology
202512_AIoT.pdf
Avatar for AIxIoTビジネス共創ラボ iotcomjpadmin
0
200
スクラムを一度諦めたチームにアジャイルコーチが入ってどう変化したか / A Team's Second Try at Scrum with an Agile Coach
Avatar for 株式会社カオナビ kaonavi
0
200
20251225_たのしい出張報告&IgniteRecap!
Avatar for ponponmikan ponponmikankan
0
110
2025年 山梨の技術コミュニティを振り返る
Avatar for しみず ゆうき yuukis
0
150
フルカイテン株式会社 エンジニア向け採用資料
Avatar for FULL KAITEN fullkaiten
0
10k
「駆動」って言葉、なんかカッコイイ_Mitz
Avatar for comucal comucal
PRO
0
140
AI に「学ばせ、調べさせ、作らせる」。Auth0 開発を加速させる7つの実践的アプローチ
Avatar for Satoshi Kobayashi scova0731
0
200
BidiAgent と Nova 2 Sonic から​考える音声 AI について
Avatar for Yuuki Yamashita yama3133
2
150
Java 25に至る道
Avatar for Yuichi.Sakuraba skrb
3
200
Sansan Engineering Unit 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
1
3.6k
ファインディにおけるフロントエンド技術選定の歴史
Avatar for puku0x puku0x
2
1.4k
Introduction to Sansan, inc / Sansan Global Development Center, Inc.
Avatar for Sansan, Inc. sansan33
PRO
0
2.9k

Featured

See All Featured
Paper Plane
Avatar for Katie Cordina Lindsey katiecoart
PRO
0
45k
Six Lessons from altMBA
Avatar for Skipper Chong Warson skipperchong
29
4.1k
Groundhog Day: Seeking Process in Gaming for Health
Avatar for Sebastian Deterding codingconduct
0
74
Become a Pro
Avatar for Speaker Deck speakerdeck
PRO
31
5.8k
職位にかかわらず全員がリーダーシップを発揮するチーム作り / Building a team where everyone can demonstrate leadership regardless of position
Avatar for MADOX madoxten
54
49k
Reality Check: Gamification 10 Years Later
Avatar for Sebastian Deterding codingconduct
0
2k
Game over? The fight for quality and originality in the time of robots
Avatar for Wayne Barker wayneb77
1
77
SEO Brein meetup: CTRL+C is not how to scale international SEO
Avatar for Linda Hogenes lindahogenes
0
2.3k
Easily Structure & Communicate Ideas using Wireframe
Avatar for Afnizar Nur Ghifari afnizarnur
194
17k
HDC tutorial
Avatar for Michiel Stock michielstock
1
320
The Anti-SEO Checklist Checklist. Pubcon Cyber Week
Avatar for Ryan Jones ryanjones
0
38
Getting science done with accelerated Python computing platforms
Avatar for Jacob Tomlinson jacobtomlinson
1
93

Transcript

  1. Veronica Schmitt

  2. whoami Veronica Schmitt P01z0n_P1x13 Slides Published online: • https://medium.com/ •

    @P01z0n_P1x13 • [email protected] • www.dfirlabs.com
  3. None

  4. What does it monitor? 1 3 5 2 4

  5. • • • • • • •

  6. NOT AVAILABLE

  7. None
  8. None
  9. None

  10. SRUM Energy Usage (Long Term)

  11. None
  12. None
  13. None
  14. None

  15. • Timestamps are in UTC in OLE format (64 bits)

    and FILETIME format (64 bits) • Network interfaces are specified as InterfaceLuid (NET_LUID)
  16. None
  17. None

  18. Prefetch file records start time of process, not duration

  19. • Prefetch only retains last 8 start times, no record

    of prior runs • SRUM can tell you if an app was run or not
  20. None

  21. Downloads to Ares and Utorrent and he was running OpenVPN

  22. Application Resource Manager

  23. None
  24. None

  25. Energy Usage

  26. Well, what did we find...

  27. • Utorrent and Ares downloading. • Network connected to and

    total downloads. • TOR being used • Veracrypt • Ccleaner being run. • OpenVPN being used • Skype Activity • Viber Chat Activity

  28. Using srum-dump-master https://github.com/MarkBaggett/srum-dump LET'S DO THIS

  29. None