Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
SRUM Forensics
Search
Veronica Schmitt
October 26, 2018
Technology
0
450
SRUM Forensics
Delving into the world of SRUM forensics.
Veronica Schmitt
October 26, 2018
Tweet
Share
More Decks by Veronica Schmitt
See All by Veronica Schmitt
The Autopsy of the PHOENIX X36 Hemodialysis System
velandra666
2
830
Other Decks in Technology
See All in Technology
生産性向上チームの紹介
cybozuinsideout
PRO
1
870
Building a RAG-powered AI chat app with Python and VS Code
pamelafox
0
110
LayerXにおけるLLMプロダクト開発の今までとこれから
layerx
PRO
1
400
ServiceNow Knowledge 24の歩き方 EYストラテジー・アンド・コンサルティング
manarobot
0
200
Google Cloud の AI を支える裏側のインフラを垣間見る!
maroon1st
0
360
地理空間データ可視化・解析・活用ソリューション Pacific Spatial Solutions (PSS)
pacificspatialsolutions
0
300
Cypress or Playwright?
rainerhahnekamp
0
110
KubeCon EU 2024 Recap “Kubernetes Policy Time Machine: Where to Next?”
ryysud
0
220
MLOpsの「壁」を乗り越える、LINEヤフーの Data Quality as Code
lycorptech_jp
PRO
5
540
現代CSSフレームワークの内部実装とその仕組み
poteboy
7
3.6k
レガシーをぶっ壊せ。AEONで始めるDevRelの話 / Qiita Night 2024-2-22
aeonpeople
3
1.3k
いつか使うかも貯金してたらめちゃめちゃ機能が増えてた話
riyaamemiya
0
360
Featured
See All Featured
Learning to Love Humans: Emotional Interface Design
aarron
267
39k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
25
2.3k
Creatively Recalculating Your Daily Design Routine
revolveconf
210
11k
A Modern Web Designer's Workflow
chriscoyier
689
190k
Designing for Performance
lara
601
67k
Design by the Numbers
sachag
274
18k
Documentation Writing (for coders)
carmenintech
60
3.9k
Happy Clients
brianwarren
92
6.4k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
501
140k
BBQ
matthewcrist
80
8.8k
Facilitating Awesome Meetings
lara
42
5.6k
jQuery: Nuts, Bolts and Bling
dougneiner
59
7.1k
Transcript
Veronica Schmitt
whoami Veronica Schmitt P01z0n_P1x13 Slides Published online: • https://medium.com/ •
@P01z0n_P1x13 •
[email protected]
• www.dfirlabs.com
None
What does it monitor? 1 3 5 2 4
• • • • • • •
NOT AVAILABLE
None
None
None
SRUM Energy Usage (Long Term)
None
None
None
None
• Timestamps are in UTC in OLE format (64 bits)
and FILETIME format (64 bits) • Network interfaces are specified as InterfaceLuid (NET_LUID)
None
None
Prefetch file records start time of process, not duration
• Prefetch only retains last 8 start times, no record
of prior runs • SRUM can tell you if an app was run or not
None
Downloads to Ares and Utorrent and he was running OpenVPN
Application Resource Manager
None
None
Energy Usage
Well, what did we find...
• Utorrent and Ares downloading. • Network connected to and
total downloads. • TOR being used • Veracrypt • Ccleaner being run. • OpenVPN being used • Skype Activity • Viber Chat Activity
Using srum-dump-master https://github.com/MarkBaggett/srum-dump LET'S DO THIS
None
velandra666
cybozuinsideout
pamelafox
layerx
manarobot
maroon1st
pacificspatialsolutions
rainerhahnekamp
ryysud
lycorptech_jp
poteboy
aeonpeople
riyaamemiya
aarron
rmw
revolveconf
chriscoyier
lara
sachag
carmenintech
brianwarren
matthewcrist
dougneiner
