Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
SRUM Forensics
Search
Veronica Schmitt
October 26, 2018
Technology
0
610
SRUM Forensics
Delving into the world of SRUM forensics.
Veronica Schmitt
October 26, 2018
Tweet
Share
More Decks by Veronica Schmitt
See All by Veronica Schmitt
The Autopsy of the PHOENIX X36 Hemodialysis System
velandra666
2
1k
Other Decks in Technology
See All in Technology
AIエージェント開発用SDKとローカルLLMをLINE Botと組み合わせてみた / LINEを使ったLT大会 #14
you
PRO
0
130
COVESA VSSによる車両データモデルの標準化とAWS IoT FleetWiseの活用
osawa
1
380
LLMを搭載したプロダクトの品質保証の模索と学び
qa
0
1.1k
Oracle Cloud Infrastructure IaaS 新機能アップデート 2025/06 - 2025/08
oracle4engineer
PRO
0
110
共有と分離 - Compose Multiplatform "本番導入" の設計指針
error96num
2
1.1k
まずはマネコンでちゃちゃっと作ってから、それをCDKにしてみよか。
yamada_r
2
120
MagicPod導入から半年、オープンロジQAチームで実際にやったこと
tjoko
0
110
「その開発、認知負荷高すぎませんか?」Platform Engineeringで始める開発者体験カイゼン術
sansantech
PRO
2
390
Rustから学ぶ 非同期処理の仕組み
skanehira
1
150
Snowflake×dbtを用いたテレシーのデータ基盤のこれまでとこれから
sagara
0
120
下手な強制、ダメ!絶対! 「ガードレール」を「檻」にさせない"ガバナンス"の取り方とは?
tsukaman
2
460
「何となくテストする」を卒業するためにプロダクトが動く仕組みを理解しよう
kawabeaver
0
430
Featured
See All Featured
How to train your dragon (web standard)
notwaldorf
96
6.2k
Git: the NoSQL Database
bkeepers
PRO
431
66k
Typedesign – Prime Four
hannesfritz
42
2.8k
Docker and Python
trallard
46
3.6k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
113
20k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
252
21k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
9
810
Mobile First: as difficult as doing things right
swwweet
224
9.9k
The MySQL Ecosystem @ GitHub 2015
samlambert
251
13k
It's Worth the Effort
3n
187
28k
Large-scale JavaScript Application Architecture
addyosmani
513
110k
Building Flexible Design Systems
yeseniaperezcruz
329
39k
Transcript
Veronica Schmitt
whoami Veronica Schmitt P01z0n_P1x13 Slides Published online: • https://medium.com/ •
@P01z0n_P1x13 •
[email protected]
• www.dfirlabs.com
None
What does it monitor? 1 3 5 2 4
• • • • • • •
NOT AVAILABLE
None
None
None
SRUM Energy Usage (Long Term)
None
None
None
None
• Timestamps are in UTC in OLE format (64 bits)
and FILETIME format (64 bits) • Network interfaces are specified as InterfaceLuid (NET_LUID)
None
None
Prefetch file records start time of process, not duration
• Prefetch only retains last 8 start times, no record
of prior runs • SRUM can tell you if an app was run or not
None
Downloads to Ares and Utorrent and he was running OpenVPN
Application Resource Manager
None
None
Energy Usage
Well, what did we find...
• Utorrent and Ares downloading. • Network connected to and
total downloads. • TOR being used • Veracrypt • Ccleaner being run. • OpenVPN being used • Skype Activity • Viber Chat Activity
Using srum-dump-master https://github.com/MarkBaggett/srum-dump LET'S DO THIS
None
velandra666
you
osawa
qa
oracle4engineer
error96num
yamada_r
tjoko
sansantech
skanehira
sagara
tsukaman
kawabeaver
notwaldorf
bkeepers
hannesfritz
trallard
panda_program
smashingmag
tammyeverts
swwweet
samlambert
3n
addyosmani
yeseniaperezcruz
