Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
SRUM Forensics
Search
Veronica Schmitt
October 26, 2018
Technology
0
520
SRUM Forensics
Delving into the world of SRUM forensics.
Veronica Schmitt
October 26, 2018
Tweet
Share
More Decks by Veronica Schmitt
See All by Veronica Schmitt
The Autopsy of the PHOENIX X36 Hemodialysis System
velandra666
2
940
Other Decks in Technology
See All in Technology
複雑なState管理からの脱却
sansantech
PRO
1
140
ハイパーパラメータチューニングって何をしているの
toridori_dev
0
140
いざ、BSC討伐の旅
nikinusu
2
780
Exadata Database Service on Dedicated Infrastructure(ExaDB-D) UI スクリーン・キャプチャ集
oracle4engineer
PRO
2
3.2k
BLADE: An Attempt to Automate Penetration Testing Using Autonomous AI Agents
bbrbbq
0
300
Oracle Cloud Infrastructure データベース・クラウド:各バージョンのサポート期間
oracle4engineer
PRO
28
12k
Lambda10周年!Lambdaは何をもたらしたか
smt7174
2
110
TypeScript、上達の瞬間
sadnessojisan
46
13k
ノーコードデータ分析ツールで体験する時系列データ分析超入門
negi111111
0
410
OCI Vault 概要
oracle4engineer
PRO
0
9.7k
iOS/Androidで同じUI体験をネ イティブで作成する際に気をつ けたい落とし穴
fumiyasac0921
1
110
20241120_JAWS_東京_ランチタイムLT#17_AWS認定全冠の先へ
tsumita
2
250
Featured
See All Featured
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
Designing for Performance
lara
604
68k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
4
370
It's Worth the Effort
3n
183
27k
Being A Developer After 40
akosma
86
590k
Designing Experiences People Love
moore
138
23k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
16
2.1k
Scaling GitHub
holman
458
140k
Producing Creativity
orderedlist
PRO
341
39k
jQuery: Nuts, Bolts and Bling
dougneiner
61
7.5k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
33
1.9k
The MySQL Ecosystem @ GitHub 2015
samlambert
250
12k
Transcript
Veronica Schmitt
whoami Veronica Schmitt P01z0n_P1x13 Slides Published online: • https://medium.com/ •
@P01z0n_P1x13 •
[email protected]
• www.dfirlabs.com
None
What does it monitor? 1 3 5 2 4
• • • • • • •
NOT AVAILABLE
None
None
None
SRUM Energy Usage (Long Term)
None
None
None
None
• Timestamps are in UTC in OLE format (64 bits)
and FILETIME format (64 bits) • Network interfaces are specified as InterfaceLuid (NET_LUID)
None
None
Prefetch file records start time of process, not duration
• Prefetch only retains last 8 start times, no record
of prior runs • SRUM can tell you if an app was run or not
None
Downloads to Ares and Utorrent and he was running OpenVPN
Application Resource Manager
None
None
Energy Usage
Well, what did we find...
• Utorrent and Ares downloading. • Network connected to and
total downloads. • TOR being used • Veracrypt • Ccleaner being run. • OpenVPN being used • Skype Activity • Viber Chat Activity
Using srum-dump-master https://github.com/MarkBaggett/srum-dump LET'S DO THIS
None
velandra666
sansantech
toridori_dev
nikinusu
oracle4engineer
bbrbbq
smt7174
sadnessojisan
negi111111
fumiyasac0921
tsumita
garrettdimon
lara
irinanazarova
3n
akosma
moore
eileencodes
holman
orderedlist
dougneiner
samlambert
