Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
SRUM Forensics
Search
Veronica Schmitt
October 26, 2018
Technology
0
540
SRUM Forensics
Delving into the world of SRUM forensics.
Veronica Schmitt
October 26, 2018
Tweet
Share
More Decks by Veronica Schmitt
See All by Veronica Schmitt
The Autopsy of the PHOENIX X36 Hemodialysis System
velandra666
2
980
Other Decks in Technology
See All in Technology
マーケットプレイス版Oracle WebCenter Content For OCI
oracle4engineer
PRO
3
550
Cracking the Coding Interview 6th Edition
gdplabs
14
28k
User Story Mapping + Inclusive Team
kawaguti
PRO
3
620
【5分でわかる】セーフィー エンジニア向け会社紹介
safie_recruit
0
19k
【Snowflake九州ユーザー会#2】BigQueryとSnowflakeを比較してそれぞれの良し悪しを掴む / BigQuery vs Snowflake: Pros & Cons
civitaspo
5
1.6k
AIエージェント開発のノウハウと課題
pharma_x_tech
10
5.7k
開発者体験を定量的に把握する手法と活用事例
ham0215
0
160
アジャイルな開発チームでテスト戦略の話は誰がする? / Who Talks About Test Strategy?
ak1210
1
920
20250307_エンジニアじゃないけどAzureはじめてみた
ponponmikankan
2
270
JAWS FESTA 2024「バスロケ」GPS×サーバーレスの開発と運用の舞台裏/jawsfesta2024-bus-gps-serverless
ma2shita
3
420
アジリティを高めるテストマネジメント #QiitaQualityForward
makky_tyuyan
1
540
AIエージェント時代のエンジニアになろう #jawsug #jawsdays2025 / 20250301 Agentic AI Engineering
yoshidashingo
9
4.4k
Featured
See All Featured
Bootstrapping a Software Product
garrettdimon
PRO
307
110k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
49k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
30
2.3k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
4
390
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
13
1k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
134
33k
A Modern Web Designer's Workflow
chriscoyier
693
190k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
Statistics for Hackers
jakevdp
797
220k
Music & Morning Musume
bryan
46
6.4k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
330
21k
The Invisible Side of Design
smashingmag
299
50k
Transcript
Veronica Schmitt
whoami Veronica Schmitt P01z0n_P1x13 Slides Published online: • https://medium.com/ •
@P01z0n_P1x13 •
[email protected]
• www.dfirlabs.com
None
What does it monitor? 1 3 5 2 4
• • • • • • •
NOT AVAILABLE
None
None
None
SRUM Energy Usage (Long Term)
None
None
None
None
• Timestamps are in UTC in OLE format (64 bits)
and FILETIME format (64 bits) • Network interfaces are specified as InterfaceLuid (NET_LUID)
None
None
Prefetch file records start time of process, not duration
• Prefetch only retains last 8 start times, no record
of prior runs • SRUM can tell you if an app was run or not
None
Downloads to Ares and Utorrent and he was running OpenVPN
Application Resource Manager
None
None
Energy Usage
Well, what did we find...
• Utorrent and Ares downloading. • Network connected to and
total downloads. • TOR being used • Veracrypt • Ccleaner being run. • OpenVPN being used • Skype Activity • Viber Chat Activity
Using srum-dump-master https://github.com/MarkBaggett/srum-dump LET'S DO THIS
None
velandra666
oracle4engineer
gdplabs
kawaguti
safie_recruit
civitaspo
.png){kind=icon}
pharma_x_tech
ham0215
ak1210
ponponmikankan
ma2shita
makky_tyuyan
yoshidashingo
garrettdimon
chrisshort
marktimemedia
addyosmani
honnibal
eileencodes
chriscoyier
destraynor
jakevdp
bryan
caitiem20
smashingmag
