Richard Davis continues his “Introduction to Windows Forensics” series with a video about the System Resource Utilization Monitor (SRUM). This artifact is often left unmentioned by many forensics books and online resources. SRUM was first introduced in Windows 8, and was a new feature designed to track system resource utilization such as CPU cycles, network activity, power consumption, etc. Analysts can use the data collected by SRUM to paint a picture of a user’s activity, and even correlate that activity with network-related events, data transfer, processes, and more.
-
Looking at Microsoft Teams from a DFIR Perspective
David Cowen’s Sunday Funday is back, so why not to take part in this fun? Last Sunda… -
Forensic Walkthrough: QBot Infection
For some reason, there are not so many posts on forensic examination of hosts infected wit… -
SQM: New Evidence of Execution Source?
Forensicating one of compromised hosts during our recent incident response activities we h…
Load More Related Articles
-
-
The Five Most Dangerous New Attack Techniques and How to Counter Them
Which are the most dangerous new attack techniques? How do they work? How can you stop the… -
Visual Analysis with ProcDOT
In the new episode of “Introduction to Malware Analysis” series Richard Davis …
Load More In Videos
Comments are closed.
