Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
SRUM Forensics
Search
Veronica Schmitt
October 26, 2018
Technology
0
530
SRUM Forensics
Delving into the world of SRUM forensics.
Veronica Schmitt
October 26, 2018
Tweet
Share
More Decks by Veronica Schmitt
See All by Veronica Schmitt
The Autopsy of the PHOENIX X36 Hemodialysis System
velandra666
2
970
Other Decks in Technology
See All in Technology
教師なし学習の基礎
kanojikajino
4
360
パフォーマンスとコスト改善のために法人データ分析基盤をBigQueryに移行した話
seiya303
1
100
2025/1/29 BigData-JAWS 勉強会 #28 (re:Invent 2024 re:Cap)/new-feature-preview-q-in-quicksight-scenarios-tried-and-tested
emiki
0
310
エラーバジェット枯渇の原因 - 偽陽性との戦い -
phaya72
1
100
Server Side Swift 実践レポート: 2024年に案件で採用して見えた課題と可能性
yusuga
1
420
[TechNight #86] Oracle GoldenGate - 23ai 最新情報&プロジェクトからの学び
oracle4engineer
PRO
1
170
バクラクの組織とアーキテクチャ(要約)2025/01版
shkomine
13
3k
Amazon Location Serviceを使ってラーメンマップを作る
ryder472
2
160
Tokyo RubyKaigi 12 - Scaling Ruby at GitHub
jhawthorn
2
210
BLEAでAWSアカウントのセキュリティレベルを向上させよう
koheiyoshikawa
0
140
Skip Skip Run Run Run ♫
temoki
0
360
Redshiftを中心としたAWSでのデータ基盤
mashiike
0
100
Featured
See All Featured
Designing on Purpose - Digital PM Summit 2013
jponch
117
7.1k
Building an army of robots
kneath
302
45k
Producing Creativity
orderedlist
PRO
343
39k
Rails Girls Zürich Keynote
gr2m
94
13k
jQuery: Nuts, Bolts and Bling
dougneiner
63
7.6k
A better future with KSS
kneath
238
17k
The Art of Programming - Codeland 2020
erikaheidi
53
13k
It's Worth the Effort
3n
184
28k
GraphQLとの向き合い方2022年版
quramy
44
13k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
113
50k
Thoughts on Productivity
jonyablonski
68
4.4k
Speed Design
sergeychernyshev
25
760
Transcript
Veronica Schmitt
whoami Veronica Schmitt P01z0n_P1x13 Slides Published online: • https://medium.com/ •
@P01z0n_P1x13 •
[email protected]
• www.dfirlabs.com
None
What does it monitor? 1 3 5 2 4
• • • • • • •
NOT AVAILABLE
None
None
None
SRUM Energy Usage (Long Term)
None
None
None
None
• Timestamps are in UTC in OLE format (64 bits)
and FILETIME format (64 bits) • Network interfaces are specified as InterfaceLuid (NET_LUID)
None
None
Prefetch file records start time of process, not duration
• Prefetch only retains last 8 start times, no record
of prior runs • SRUM can tell you if an app was run or not
None
Downloads to Ares and Utorrent and he was running OpenVPN
Application Resource Manager
None
None
Energy Usage
Well, what did we find...
• Utorrent and Ares downloading. • Network connected to and
total downloads. • TOR being used • Veracrypt • Ccleaner being run. • OpenVPN being used • Skype Activity • Viber Chat Activity
Using srum-dump-master https://github.com/MarkBaggett/srum-dump LET'S DO THIS
None
velandra666
kanojikajino
seiya303
emiki
phaya72
yusuga
oracle4engineer
shkomine
ryder472
jhawthorn
koheiyoshikawa
temoki
mashiike
jponch
kneath
orderedlist
gr2m
dougneiner
erikaheidi
3n
quramy
aki_iinuma
jonyablonski
sergeychernyshev
