Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
SRUM Forensics
Search
Veronica Schmitt
October 26, 2018
Technology
0
610
SRUM Forensics
Delving into the world of SRUM forensics.
Veronica Schmitt
October 26, 2018
Tweet
Share
More Decks by Veronica Schmitt
See All by Veronica Schmitt
The Autopsy of the PHOENIX X36 Hemodialysis System
velandra666
2
1k
Other Decks in Technology
See All in Technology
Geospatialの世界最前線を探る [2025年版]
dayjournal
0
170
ガバメントクラウド(AWS)へのデータ移行戦略の立て方【虎の巻】 / 20251011 Mitsutosi Matsuo
shift_evolve
PRO
2
170
PLaMoの事後学習を支える技術 / PFN LLMセミナー
pfn
PRO
9
4k
職種別ミートアップで社内から盛り上げる アウトプット文化の醸成と関係強化/ #DevRelKaigi
nishiuma
2
160
AIツールでどこまでデザインを忠実に実装できるのか
oikon48
6
3k
Shirankedo NOCで見えてきたeduroam/OpenRoaming運用ノウハウと課題 - BAKUCHIKU BANBAN #2
marokiki
0
170
三菱電機・ソニーグループ共同の「Agile Japan企業内サテライト」_2025
sony
0
110
"プロポーザルってなんか怖そう"という境界を超えてみた@TSUDOI by giftee Tech #1
shilo113
0
160
綺麗なデータマートをつくろう_データ整備を前向きに考える会 / Let's create clean data mart
brainpadpr
3
340
空間を設計する力を考える / 20251004 Naoki Takahashi
shift_evolve
PRO
4
440
M5製品で作るポン置きセルラー対応カメラ
sayacom
0
170
大規模サーバーレスAPIの堅牢性・信頼性設計 〜AWSのベストプラクティスから始まる現実的制約との向き合い方〜
maimyyym
4
3.4k
Featured
See All Featured
Principles of Awesome APIs and How to Build Them.
keavy
127
17k
What’s in a name? Adding method to the madness
productmarketing
PRO
23
3.7k
Building a Modern Day E-commerce SEO Strategy
aleyda
43
7.7k
For a Future-Friendly Web
brad_frost
180
9.9k
The World Runs on Bad Software
bkeepers
PRO
71
11k
How to Think Like a Performance Engineer
csswizardry
27
2k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
127
53k
How STYLIGHT went responsive
nonsquared
100
5.8k
The MySQL Ecosystem @ GitHub 2015
samlambert
251
13k
jQuery: Nuts, Bolts and Bling
dougneiner
64
7.9k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
54
3k
The Language of Interfaces
destraynor
162
25k
Transcript
Veronica Schmitt
whoami Veronica Schmitt P01z0n_P1x13 Slides Published online: • https://medium.com/ •
@P01z0n_P1x13 •
[email protected]
• www.dfirlabs.com
None
What does it monitor? 1 3 5 2 4
• • • • • • •
NOT AVAILABLE
None
None
None
SRUM Energy Usage (Long Term)
None
None
None
None
• Timestamps are in UTC in OLE format (64 bits)
and FILETIME format (64 bits) • Network interfaces are specified as InterfaceLuid (NET_LUID)
None
None
Prefetch file records start time of process, not duration
• Prefetch only retains last 8 start times, no record
of prior runs • SRUM can tell you if an app was run or not
None
Downloads to Ares and Utorrent and he was running OpenVPN
Application Resource Manager
None
None
Energy Usage
Well, what did we find...
• Utorrent and Ares downloading. • Network connected to and
total downloads. • TOR being used • Veracrypt • Ccleaner being run. • OpenVPN being used • Skype Activity • Viber Chat Activity
Using srum-dump-master https://github.com/MarkBaggett/srum-dump LET'S DO THIS
None
velandra666
dayjournal
shift_evolve
pfn
nishiuma
oikon48
marokiki
sony
shilo113
brainpadpr
sayacom
maimyyym
keavy
productmarketing
aleyda
brad_frost
bkeepers
csswizardry
aki_iinuma
nonsquared
samlambert
dougneiner
tammyeverts
destraynor
