Lock in $30 Savings on PRO—Offer Ends Soon! ⏳

SRUM Forensics

Avatar for Veronica Schmitt Veronica Schmitt
October 26, 2018
Technology
0
620

SRUM Forensics

Delving into the world of SRUM forensics.

Avatar for Veronica Schmitt

Veronica Schmitt

October 26, 2018
Tweet

More Decks by Veronica Schmitt

See All by Veronica Schmitt
The Autopsy of the PHOENIX X36 Hemodialysis System
Avatar for Veronica Schmitt velandra666
2
1k

Other Decks in Technology

See All in Technology
AI/MLのマルチテナント基盤を支えるコンテナ技術
Avatar for Preferred Networks pfn
PRO
5
750
Claude Code はじめてガイド -1時間で学べるAI駆動開発の基本と実践-
Avatar for Oikon oikon48
44
26k
Noを伝える技術2025: 爆速合意形成のためのNICOフレームワーク速習 #pmconf2025
Avatar for Aki / @LoveIdahoBurger aki_iinuma
2
1.5k
バグハンター視点によるサプライチェーンの脆弱性
Avatar for morioka12 scgajge12
2
550
AI活用によるPRレビュー改善の歩み ― 社内全体に広がる学びと実践
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
1
120
Oracle Database@Google Cloud:サービス概要のご紹介
Avatar for oracle4engineer oracle4engineer
PRO
0
650
Eight Engineering Unit 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
0
5.8k
名刺メーカーDevグループ 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
0
980
Master Dataグループ紹介資料
Avatar for Sansan, Inc. sansan33
PRO
1
4k
【5分でわかる】セーフィー エンジニア向け会社紹介
Avatar for Safie safie_recruit
0
37k
【AWS re:Invent 2025速報】AIビルダー向けアップデートをまとめて解説!
Avatar for みのるん minorun365
1
180
21st ACRi Webinar - AMD Presentation Slide (Nao Sumikawa)
Avatar for Nao Sumikawa nao_sumikawa
0
220

Featured

See All Featured
Context Engineering - Making Every Token Count
Avatar for Addy Osmani addyosmani
9
470
The Psychology of Web Performance [Beyond Tellerrand 2023]
Avatar for Tammy Everts tammyeverts
49
3.2k
Designing Experiences People Love
Avatar for Jonathan Moore moore
142
24k
Producing Creativity
Avatar for Steve Smith orderedlist
PRO
348
40k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
Avatar for Eileen M. Uchitelle eileencodes
26
3.2k
Building a Scalable Design System with Sketch
Avatar for Laura Van Doore lauravandoore
463
34k
Visualization
Avatar for Eitan Lees eitanlees
150
16k
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
73
11k
The Power of CSS Pseudo Elements
Avatar for Geoffrey Crofte geoffreycrofte
80
6.1k
10 Git Anti Patterns You Should be Aware of
Avatar for Lemi Orhan Ergin lemiorhan
PRO
659
61k
Stop Working from a Prison Cell
Avatar for Chris Michel hatefulcrawdad
273
21k
Product Roadmaps are Hard
Avatar for C. Todd Lombardo iamctodd
PRO
55
12k

Transcript

  1. Veronica Schmitt

  2. whoami Veronica Schmitt P01z0n_P1x13 Slides Published online: • https://medium.com/ •

    @P01z0n_P1x13 • [email protected] • www.dfirlabs.com
  3. None

  4. What does it monitor? 1 3 5 2 4

  5. • • • • • • •

  6. NOT AVAILABLE

  7. None
  8. None
  9. None

  10. SRUM Energy Usage (Long Term)

  11. None
  12. None
  13. None
  14. None

  15. • Timestamps are in UTC in OLE format (64 bits)

    and FILETIME format (64 bits) • Network interfaces are specified as InterfaceLuid (NET_LUID)
  16. None
  17. None

  18. Prefetch file records start time of process, not duration

  19. • Prefetch only retains last 8 start times, no record

    of prior runs • SRUM can tell you if an app was run or not
  20. None

  21. Downloads to Ares and Utorrent and he was running OpenVPN

  22. Application Resource Manager

  23. None
  24. None

  25. Energy Usage

  26. Well, what did we find...

  27. • Utorrent and Ares downloading. • Network connected to and

    total downloads. • TOR being used • Veracrypt • Ccleaner being run. • OpenVPN being used • Skype Activity • Viber Chat Activity

  28. Using srum-dump-master https://github.com/MarkBaggett/srum-dump LET'S DO THIS

  29. None