Upgrade to Pro — share decks privately, control downloads, hide ads and more …

SRUM Forensics

Avatar for Veronica Schmitt Veronica Schmitt
October 26, 2018
Technology
0
640

SRUM Forensics

Delving into the world of SRUM forensics.

Avatar for Veronica Schmitt

Veronica Schmitt

October 26, 2018
Tweet

More Decks by Veronica Schmitt

See All by Veronica Schmitt
The Autopsy of the PHOENIX X36 Hemodialysis System
Avatar for Veronica Schmitt velandra666
2
1.1k

Other Decks in Technology

See All in Technology
AzureでのIaC - Bicep? Terraform? それ早く言ってよ会議
Avatar for Toru Makabe torumakabe
1
530
GSIが複数キー対応したことで、俺達はいったい何が嬉しいのか?
Avatar for Makky12 smt7174
3
150
顧客との商談議事録をみんなで読んで顧客解像度を上げよう
Avatar for shibayu36 shibayu36
0
220
M&A 後の統合をどう進めるか ─ ナレッジワーク × Poetics が実践した組織とシステムの融合
Avatar for KNOWLEDGE WORK / 株式会社ナレッジワーク kworkdev
PRO
1
430
Amazon Bedrock Knowledge Basesチャンキング解説!
Avatar for 野口碧生 aoinoguchi
0
130
Bedrock PolicyでAmazon Bedrock Guardrails利用を強制してみた
Avatar for Yudai Jinno yuu551
0
210
学生・新卒・ジュニアから目指すSRE
Avatar for Hiroya Onoe hiroyaonoe
2
590
usermode linux without MMU - fosdem2026 kernel devroom
Avatar for Hajime Tazaki thehajime
0
230
ブロックテーマでサイトをリニューアルした話 / 2026-01-31 Kansai WordPress Meetup
Avatar for Toro_Unit (Hiroshi Urabe) torounit
0
460
GitHub Issue Templates + Coding Agentで簡単みんなでIaC/Easy IaC for Everyone with GitHub Issue Templates + Coding Agent
Avatar for AEON aeonpeople
1
220
IaaS/SaaS管理における SREの実践 - SRE Kaigi 2026
Avatar for Shun bbqallstars
4
2.1k
ClickHouseはどのように大規模データを活用したAIエージェントを全社展開しているのか
Avatar for Miki Matsumoto mikimatsumoto
0
220

Featured

See All Featured
The Pragmatic Product Professional
Avatar for Laura Van Doore lauravandoore
37
7.1k
Navigating Algorithm Shifts & AI Overviews - #SMXNext
Avatar for Aleyda Solis aleyda
0
1.1k
Put a Button on it: Removing Barriers to Going Fast.
Avatar for kastner kastner
60
4.2k
How to optimise 3,500 product descriptions for ecommerce in one day using ChatGPT
Avatar for Katarina Dahlin katarinadahlin
PRO
0
3.4k
Imperfection Machines: The Place of Print at Facebook
Avatar for Scott Boms scottboms
269
14k
How to Grow Your eCommerce with AI & Automation
Avatar for Katarina Dahlin katarinadahlin
PRO
0
110
How to Ace a Technical Interview
Avatar for Jacob Kaplan-Moss jacobian
281
24k
Groundhog Day: Seeking Process in Gaming for Health
Avatar for Sebastian Deterding codingconduct
0
92
Winning Ecommerce Organic Search in an AI Era - #searchnstuff2025
Avatar for Aleyda Solis aleyda
0
1.9k
Ethics towards AI in product and experience design
Avatar for Skipper Chong Warson skipperchong
2
190
Hiding What from Whom? A Critical Review of the History of Programming languages for Music
Avatar for Tomoya Matsuura tomoyanonymous
2
410
The Illustrated Guide to Node.js - THAT Conference 2024
Avatar for David Neal reverentgeek
0
250

Transcript

  1. Veronica Schmitt

  2. whoami Veronica Schmitt P01z0n_P1x13 Slides Published online: • https://medium.com/ •

    @P01z0n_P1x13 • [email protected] • www.dfirlabs.com
  3. None

  4. What does it monitor? 1 3 5 2 4

  5. • • • • • • •

  6. NOT AVAILABLE

  7. None
  8. None
  9. None

  10. SRUM Energy Usage (Long Term)

  11. None
  12. None
  13. None
  14. None

  15. • Timestamps are in UTC in OLE format (64 bits)

    and FILETIME format (64 bits) • Network interfaces are specified as InterfaceLuid (NET_LUID)
  16. None
  17. None

  18. Prefetch file records start time of process, not duration

  19. • Prefetch only retains last 8 start times, no record

    of prior runs • SRUM can tell you if an app was run or not
  20. None

  21. Downloads to Ares and Utorrent and he was running OpenVPN

  22. Application Resource Manager

  23. None
  24. None

  25. Energy Usage

  26. Well, what did we find...

  27. • Utorrent and Ares downloading. • Network connected to and

    total downloads. • TOR being used • Veracrypt • Ccleaner being run. • OpenVPN being used • Skype Activity • Viber Chat Activity

  28. Using srum-dump-master https://github.com/MarkBaggett/srum-dump LET'S DO THIS

  29. None