Upgrade to Pro — share decks privately, control downloads, hide ads and more …

SRUM Forensics

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for Veronica Schmitt Veronica Schmitt
October 26, 2018
Technology
680
0

SRUM Forensics

Delving into the world of SRUM forensics.

Avatar for Veronica Schmitt

Veronica Schmitt

October 26, 2018

More Decks by Veronica Schmitt

See All by Veronica Schmitt
The Autopsy of the PHOENIX X36 Hemodialysis System
Avatar for Veronica Schmitt velandra666
2
1.1k

Other Decks in Technology

See All in Technology
インターネットの技術 / Internet technology
Avatar for Kenji Saito ks91
PRO
0
210
目的ファーストのハーネス設計 ~ハーネスの変更容易性を高めるための優先順位~
Avatar for Gota gotalab555
8
2.2k
これからの「データマネジメント」の話をしよう
Avatar for SansanTech sansantech
PRO
0
110
PicoRuby as a Multi-VM Operating System
Avatar for Katsuhiko Kageyama kishima
1
110
ぼくがかんがえたさいきょうのあうとぷっと
Avatar for Yuuki Yamashita yama3133
0
190
AIはハッカーを減らすのか、増やすのか?──現役ホワイトハッカーから見るAI時代のリアル【MEGU-Meet】
Avatar for サイバーセキュリティクラウド cscengineer
0
170
Keeping Ruby Running on Cygwin
Avatar for fd0 fd0
0
160
Amazon S3 Filesについて
Avatar for Yuuki Yamashita yama3133
2
210
2026年、知っておくべき最新 サーバレスTips10選/serverless-10-tips
Avatar for Serverless Operations slsops
13
5.2k
[最強DB講義]推薦システム | 基礎編
Avatar for RecSysLab recsyslab
PRO
1
170
AI時代のガードレールとしてのAPIガバナンス
Avatar for 草薙昭彦 nagix
0
290
マルチエージェント × ハーネスエンジニアリング × GitLab Duo Agent Platformで実現する「AIエージェントに仕事をさせる時代へ。」 / 20260421 GitLab Duo Agent Platform
Avatar for Niishi Kubo n11sh1
0
170

Featured

See All Featured
Designing Experiences People Love
Avatar for Jonathan Moore moore
143
24k
The Cult of Friendly URLs
Avatar for Andy Hume andyhume
79
6.8k
Highjacked: Video Game Concept Design
Avatar for Ryan Kendrick rkendrick25
PRO
1
340
DBのスキルで生き残る技術 - AI時代におけるテーブル設計の勘所
Avatar for soudai sone soudai
PRO
64
54k
Hiding What from Whom? A Critical Review of the History of Programming languages for Music
Avatar for Tomoya Matsuura tomoyanonymous
2
770
BBQ
Avatar for Matthew Crist matthewcrist
89
10k
Faster Mobile Websites
Avatar for Dean Hume deanohume
310
31k
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
72
12k
職位にかかわらず全員がリーダーシップを発揮するチーム作り / Building a team where everyone can demonstrate leadership regardless of position
Avatar for MADOX madoxten
62
53k
A designer walks into a library…
Avatar for Paul Jervis Heath pauljervisheath
211
24k
Practical Orchestrator
Avatar for Shlomi Noach shlominoach
191
11k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
Avatar for Stéphanie Walter stephaniewalter
287
14k

Transcript

  1. Veronica Schmitt

  2. whoami Veronica Schmitt P01z0n_P1x13 Slides Published online: • https://medium.com/ •

    @P01z0n_P1x13 • [email protected] • www.dfirlabs.com
  3. None

  4. What does it monitor? 1 3 5 2 4

  5. • • • • • • •

  6. NOT AVAILABLE

  7. None
  8. None
  9. None

  10. SRUM Energy Usage (Long Term)

  11. None
  12. None
  13. None
  14. None

  15. • Timestamps are in UTC in OLE format (64 bits)

    and FILETIME format (64 bits) • Network interfaces are specified as InterfaceLuid (NET_LUID)
  16. None
  17. None

  18. Prefetch file records start time of process, not duration

  19. • Prefetch only retains last 8 start times, no record

    of prior runs • SRUM can tell you if an app was run or not
  20. None

  21. Downloads to Ares and Utorrent and he was running OpenVPN

  22. Application Resource Manager

  23. None
  24. None

  25. Energy Usage

  26. Well, what did we find...

  27. • Utorrent and Ares downloading. • Network connected to and

    total downloads. • TOR being used • Veracrypt • Ccleaner being run. • OpenVPN being used • Skype Activity • Viber Chat Activity

  28. Using srum-dump-master https://github.com/MarkBaggett/srum-dump LET'S DO THIS

  29. None