Upgrade to Pro — share decks privately, control downloads, hide ads and more …

SRUM Forensics

Avatar for Veronica Schmitt Veronica Schmitt
October 26, 2018
Technology
690
0

SRUM Forensics

Delving into the world of SRUM forensics.

Avatar for Veronica Schmitt

Veronica Schmitt

October 26, 2018

More Decks by Veronica Schmitt

See All by Veronica Schmitt
The Autopsy of the PHOENIX X36 Hemodialysis System
Avatar for Veronica Schmitt velandra666
2
1.1k

Other Decks in Technology

See All in Technology
Claude Code / Codex / Kiro に AWS 権限を 渡すとき、何を設計すべきか
Avatar for Kazuki Adachi k_adachi_01
6
1.9k
いつの間にかデータエンジニア以外の業務も増えていたけど、意外と経験が役に立ってる
Avatar for ZOZO Developers zozotech
PRO
0
730
Purview Endpoint DLP 動かしてみた
Avatar for kozakigh kozakigh
1
460
そのSLO 99.9%、本当に必要ですか? 〜優先度付きSLOによる責任共有の設計思想〜 / Is that 99.9% SLO really necessary? Design philosophy of shared responsibility through prioritized SLOs
Avatar for VTRyo vtryo
0
880
Oracle AI Database@Azure:サービス概要のご紹介
Avatar for oracle4engineer oracle4engineer
PRO
6
1.7k
Oracle AI Database@Google Cloud:サービス概要のご紹介
Avatar for oracle4engineer oracle4engineer
PRO
6
1.4k
AsyncStreamでマルチブロードキャストを実装する
Avatar for 1mash0 1mash0
1
180
コーディングエージェントはTypeScriptの 型エラーをどう自己修正しているのか
Avatar for Melonps melonps
3
250
Loadbalancing exporter internals
Avatar for ymotongpoo ymotongpoo
1
120
その英語学習、AWSで代替できませんか?
Avatar for Tatsuya suzutatsu
1
170
AIのために、AIを使った、Effect-TSからの脱却 〜テストを活用した安全なリファクタリングの進め方〜
Avatar for 株式会社ビットキー / Bitkey Inc. bitkey
PRO
1
180
PdM・Eng・QAで進めるAI駆動開発の現在地/aidd-with-pdm-eng-qa
Avatar for butatamasoba / Shota Kusaba / 草場翔太 shota_kusaba
0
260

Featured

See All Featured
From Legacy to Launchpad: Building Startup-Ready Communities
Avatar for Dug Song dugsong
0
210
Rails Girls Zürich Keynote
Avatar for Gregor Martynus gr2m
96
14k
技術選定の審美眼(2025年版) / Understanding the Spiral of Technologies 2025 edition
Avatar for Takuto Wada twada
PRO
118
110k
The Limits of Empathy - UXLibs8
Avatar for Cassini Nazir cassininazir
1
330
What does AI have to do with Human Rights?
Avatar for Per Axbom axbom
PRO
1
2.1k
The AI Revolution Will Not Be Monopolized: How open-source beats economies of scale, even for LLMs
Avatar for Ines Montani inesmontani
PRO
3
3.5k
The browser strikes back
Avatar for Jono Alderson jonoalderson
0
1.1k
The MySQL Ecosystem @ GitHub 2015
Avatar for Sam Lambert samlambert
251
13k
Building Applications with DynamoDB
Avatar for Matt Wood mza
96
7k
Unlocking the hidden potential of vector embeddings in international SEO
Avatar for Frank van Dijk frankvandijk
0
800
The Pragmatic Product Professional
Avatar for Laura Van Doore lauravandoore
37
7.3k
Git: the NoSQL Database
Avatar for Brandon Keepers bkeepers
PRO
432
67k

Transcript

  1. Veronica Schmitt

  2. whoami Veronica Schmitt P01z0n_P1x13 Slides Published online: • https://medium.com/ •

    @P01z0n_P1x13 • [email protected] • www.dfirlabs.com
  3. None

  4. What does it monitor? 1 3 5 2 4

  5. • • • • • • •

  6. NOT AVAILABLE

  7. None
  8. None
  9. None

  10. SRUM Energy Usage (Long Term)

  11. None
  12. None
  13. None
  14. None

  15. • Timestamps are in UTC in OLE format (64 bits)

    and FILETIME format (64 bits) • Network interfaces are specified as InterfaceLuid (NET_LUID)
  16. None
  17. None

  18. Prefetch file records start time of process, not duration

  19. • Prefetch only retains last 8 start times, no record

    of prior runs • SRUM can tell you if an app was run or not
  20. None

  21. Downloads to Ares and Utorrent and he was running OpenVPN

  22. Application Resource Manager

  23. None
  24. None

  25. Energy Usage

  26. Well, what did we find...

  27. • Utorrent and Ares downloading. • Network connected to and

    total downloads. • TOR being used • Veracrypt • Ccleaner being run. • OpenVPN being used • Skype Activity • Viber Chat Activity

  28. Using srum-dump-master https://github.com/MarkBaggett/srum-dump LET'S DO THIS

  29. None