Windows SRUM Forensics


As a continuation of the "Introduction to Windows Forensics" series, this video introduces the System Resource Utilization Monitor (SRUM), an artifact that many forensics books and online resources leave unmentioned. SRUM first appeared in Windows 8 and records per-application, per-user resource usage: CPU time, network bytes sent and received per interface, power consumption and more. The records live in an ESE (Extensible Storage Engine) database at C:\Windows\System32\sru\SRUDB.dat, roughly the last 30 days of them. Windows accumulates the counters in memory and writes them to the database about once an hour and at a clean shutdown, so each row is an hourly bucket, the newest hour may not be on disk yet, and an abrupt power-off can lose it. Because the rows persist after the process exits and even after its executable is deleted, SRUM lets us paint a picture of a user's activity and correlate it with network events, volume of data transferred, the processes responsible and more. For an incident responder this is one of the few native Windows sources that can quantify how much data a given program sent out, and by which user account, without any prior logging configuration.
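The following is an added example, not code from the video or from srum-dump, showing the two steps every SRUM analysis performs after the ESE tables have been extracted: resolving the numeric AppId and UserId columns through the SruDbIdMapTable (application paths stored as UTF-16LE strings, users as binary SIDs, IdType 3 for SIDs is assumed here as srum-dump interprets it) and converting the TimeStamp column from an OLE Automation date (fractional days since 1899-12-30, UTC) to a datetime. It then totals outbound bytes per application and user so that a bulk transfer stands out. All rows below are constructed; on a real system they would come from an ESE parser run over SRUDB.dat, and the AppId/UserId values and paths are arbitrary.

```python
# Added example (not from the video or from srum-dump): attribute SRUM
# Network Data Usage rows to an application path and a user SID via the
# SruDbIdMapTable, convert the OLE Automation timestamps, and total the
# outbound bytes per application. All rows below are constructed; on a real
# system they come from an ESE parser run over SRUDB.dat.
import struct
from collections import defaultdict
from datetime import datetime, timedelta

# SRUM DateTime columns are OLE Automation dates: fractional days since
# 1899-12-30 00:00 UTC.
OLE_EPOCH = datetime(1899, 12, 30)

# Assumption (matches how srum-dump reads SruDbIdMapTable): IdType 3 rows hold
# a binary SID in IdBlob, other types hold a UTF-16LE path string.
ID_TYPE_SID = 3


def ole_to_datetime(days):
    """Convert an OLE Automation date to a naive UTC datetime."""
    return OLE_EPOCH + timedelta(days=days)


def decode_sid(blob):
    """Decode a binary Windows SID: revision byte, sub-authority count byte,
    48-bit big-endian identifier authority, then little-endian 32-bit
    sub-authorities."""
    revision, count = blob[0], blob[1]
    authority = int.from_bytes(blob[2:8], "big")
    subs = struct.unpack_from("<%dI" % count, blob, 8)
    return "S-%d-%d%s" % (revision, authority, "".join("-%d" % s for s in subs))


def build_id_map(idmap_rows):
    """Map IdIndex -> readable app path or SID string."""
    resolved = {}
    for r in idmap_rows:
        if r["IdType"] == ID_TYPE_SID:
            resolved[r["IdIndex"]] = decode_sid(r["IdBlob"])
        else:
            resolved[r["IdIndex"]] = r["IdBlob"].decode("utf-16-le").rstrip("\x00")
    return resolved


def resolve_network_rows(id_map, net_rows):
    """Join Network Data Usage rows to the id map and convert timestamps."""
    out = []
    for r in net_rows:
        out.append({
            "time": ole_to_datetime(r["TimeStamp"]),
            "app": id_map.get(r["AppId"], "<unknown AppId %d>" % r["AppId"]),
            "user": id_map.get(r["UserId"], "<unknown UserId %d>" % r["UserId"]),
            "sent": r["BytesSent"],
            "recvd": r["BytesRecvd"],
        })
    return out


def outbound_by_app(resolved, threshold):
    """Total BytesSent per (app, user); return those at or above threshold,
    largest first. Each SRUM row is an hourly bucket, so summing across rows
    gives the total for the retention window."""
    totals = defaultdict(int)
    for r in resolved:
        totals[(r["app"], r["user"])] += r["sent"]
    hits = [(a, u, b) for (a, u), b in totals.items() if b >= threshold]
    return sorted(hits, key=lambda t: t[2], reverse=True)


def _sid_bytes(*subs):
    """Build a binary S-1-5-... SID for the constructed sample data only."""
    return bytes([1, len(subs)]) + (5).to_bytes(6, "big") + struct.pack("<%dI" % len(subs), *subs)


# Constructed sample SruDbIdMapTable rows (IdIndex values are arbitrary).
SAMPLE_IDMAP = [
    {"IdType": 0, "IdIndex": 10,
     "IdBlob": "\\Device\\HarddiskVolume2\\Windows\\System32\\svchost.exe".encode("utf-16-le")},
    {"IdType": 0, "IdIndex": 11,  # hypothetical tool later deleted from disk
     "IdBlob": "\\Device\\HarddiskVolume2\\Users\\alice\\Downloads\\rclone.exe".encode("utf-16-le")},
    {"IdType": 3, "IdIndex": 20, "IdBlob": _sid_bytes(21, 1, 2, 3, 1001)},
]

# Constructed sample Network Data Usage rows: one per app/user per hourly flush.
SAMPLE_NET = [
    {"TimeStamp": 45000.5, "AppId": 10, "UserId": 20, "BytesSent": 2_000_000, "BytesRecvd": 150_000_000},
    {"TimeStamp": 45000.5, "AppId": 11, "UserId": 20, "BytesSent": 800_000_000, "BytesRecvd": 1_000_000},
    {"TimeStamp": 45000.5 + 1 / 24, "AppId": 11, "UserId": 20, "BytesSent": 700_000_000, "BytesRecvd": 900_000},
]

if __name__ == "__main__":
    rows = resolve_network_rows(build_id_map(SAMPLE_IDMAP), SAMPLE_NET)
    for r in rows:
        print(r["time"].isoformat(), r["user"], r["app"], "sent=%d recvd=%d" % (r["sent"], r["recvd"]))
    for app, user, sent in outbound_by_app(rows, 1 << 30):
        print("FLAG: %s by %s sent %d bytes" % (app, user, sent))
```

The threshold here (1 GiB) is only a starting point; in practice compare each application's outbound total against its inbound total and against the same application on peer hosts, and remember that the last hour before imaging may be missing because SRUM had not yet flushed it.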

Introduction to Windows Forensics:
   • Introduction to Windows Forensics  

System Resource Utilization Monitor:
https://isc.sans.edu/forums/diary/Sys...

srum-dump:
https://github.com/MarkBaggett/srum-dump

SRUM Forensics (Yogesh Khatri, Champlain College):
https://www.sans.org/summit-archives/...

#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
