Richard Davis continues his “Introduction to Windows Forensics” series with a video about the System Resource Utilization Monitor (SRUM). This artifact is often left unmentioned by many forensics books and online resources. SRUM was first introduced in Windows 8, and was a new feature designed to track system resource utilization such as CPU cycles, network activity, power consumption, etc. Analysts can use the data collected by SRUM to paint a picture of a user’s activity, and even correlate that activity with network-related events, data transfer, processes, and more.
