Upgrade to Pro — share decks privately, control downloads, hide ads and more …

SRUM Forensics

Sponsored · SiteGround - Reliable hosting with speed, security, and support you can count on.
Avatar for Veronica Schmitt Veronica Schmitt
October 26, 2018
Technology
0
640

SRUM Forensics

Delving into the world of SRUM forensics.

Avatar for Veronica Schmitt

Veronica Schmitt

October 26, 2018
Tweet

More Decks by Veronica Schmitt

See All by Veronica Schmitt
The Autopsy of the PHOENIX X36 Hemodialysis System
Avatar for Veronica Schmitt velandra666
2
1.1k

Other Decks in Technology

See All in Technology
レガシー共有バッチ基盤への挑戦 - SREドリブンなリアーキテクチャリングの取り組み
Avatar for Konishi tatsuhiro tatsukoni
0
210
30万人の同時アクセスに耐えたい!新サービスの盤石なリリースを支える負荷試験 / SRE Kaigi 2026
Avatar for GENDA genda
4
1.3k
AI駆動開発を事業のコアに置く
Avatar for 鬼澤輔 tasukuonizawa
1
170
茨城の思い出を振り返る ~CDKのセキュリティを添えて~ / 20260201 Mitsutoshi Matsuo
Avatar for SHIFT EVOLVE shift_evolve
PRO
1
250
20260208_第66回 コンピュータビジョン勉強会
Avatar for KeiichiIto1978 keiichiito1978
0
130
We Built for Predictability; The Workloads Didn’t Care
Avatar for Michael Stahnke stahnma
0
140
Frontier Agents (Kiro autonomous agent / AWS Security Agent / AWS DevOps Agent) の紹介
Avatar for msysh msysh
3
170
コスト削減から「セキュリティと利便性」を担うプラットフォームへ
Avatar for SansanTech sansantech
PRO
3
1.5k
~Everything as Codeを諦めない~ 後からCDK
Avatar for mu7889yoon / Yuta Nakamura mu7889yoon
3
330
Introduction to Sansan for Engineers / エンジニア向け会社紹介
Avatar for Sansan, Inc. sansan33
PRO
6
68k
広告の効果検証を題材にした因果推論の精度検証について
Avatar for ZOZO Developers zozotech
PRO
0
170
プロダクト成長を支える開発基盤とスケールに伴う課題
Avatar for yuu26 yuu26
4
1.3k

Featured

See All Featured
VelocityConf: Rendering Performance Case Studies
Avatar for Addy Osmani addyosmani
333
24k
Bioeconomy Workshop: Dr. Julius Ecuru, Opportunities for a Bioeconomy in West Africa
Avatar for AKADEMIYA2063 akademiya2063
PRO
1
54
How to Get Subject Matter Experts Bought In and Actively Contributing to SEO & PR Initiatives.
Avatar for Liv Day livdayseo
0
64
Practical Orchestrator
Avatar for Shlomi Noach shlominoach
191
11k
Design in an AI World
Avatar for tapps tapps
0
140
What the history of the web can teach us about the future of AI
Avatar for Ines Montani inesmontani
PRO
1
430
Data-driven link building: lessons from a $708K investment (BrightonSEO talk)
Avatar for Szymon szymonslowik
1
910
Leo the Paperboy
Avatar for Maya Tellez mayatellez
4
1.4k
Become a Pro
Avatar for Speaker Deck speakerdeck
PRO
31
5.8k
Have SEOs Ruined the Internet? - User Awareness of SEO in 2025
Avatar for Akash Hashmi akashhashmi
0
270
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
38
2.7k
エンジニアに許された特別な時間の終わり
Avatar for watany watany
106
230k

Transcript

  1. Veronica Schmitt

  2. whoami Veronica Schmitt P01z0n_P1x13 Slides Published online: • https://medium.com/ •

    @P01z0n_P1x13 • [email protected] • www.dfirlabs.com
  3. None

  4. What does it monitor? 1 3 5 2 4

  5. • • • • • • •

  6. NOT AVAILABLE

  7. None
  8. None
  9. None

  10. SRUM Energy Usage (Long Term)

  11. None
  12. None
  13. None
  14. None

  15. • Timestamps are in UTC in OLE format (64 bits)

    and FILETIME format (64 bits) • Network interfaces are specified as InterfaceLuid (NET_LUID)
  16. None
  17. None

  18. Prefetch file records start time of process, not duration

  19. • Prefetch only retains last 8 start times, no record

    of prior runs • SRUM can tell you if an app was run or not
  20. None

  21. Downloads to Ares and Utorrent and he was running OpenVPN

  22. Application Resource Manager

  23. None
  24. None

  25. Energy Usage

  26. Well, what did we find...

  27. • Utorrent and Ares downloading. • Network connected to and

    total downloads. • TOR being used • Veracrypt • Ccleaner being run. • OpenVPN being used • Skype Activity • Viber Chat Activity

  28. Using srum-dump-master https://github.com/MarkBaggett/srum-dump LET'S DO THIS

  29. None