Uncover the Truth: Digging into Windows Hidden 30-Day Forensic Timeline

  • Thursday, 05 Jun 2025 11:00AM AEST (05 Jun 2025 01:00 UTC)
  • Speaker: Mark Baggett

Picture this: you approach a machine where you know an incident has occurred, but all traditional logs are missing or wiped, leaving you with no clear starting point. Enter srum-dump Version 3, a brand new, free, powerful forensics tool available at github.com/MarkBaggett/srum-dump, designed to extract and analyze the Windows System Resource Usage Monitor (SRUM) database into XLSX or CSV spreadsheets. This tool is a lifeline for incident responders, law enforcement, and network defenders, as it reconstructs a detailed 30-day history of system activity, including application usage, network connections, and resource consumption, even when other logs are unavailable. In this presentation, the tool’s author, Mark Baggett, will demonstrate live how srum-dump empowers you to uncover critical evidence and rebuild the incident timeline. Join us to see how this tool can transform your forensic investigations when the odds seem stacked against you!
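To illustrate the kind of triage an incident responder does once SRUM data has been exported to a spreadsheet, here is an added example (not code from srum-dump or from the presentation) that reads a CSV of per-application network usage, rebuilds a timeline, and flags applications whose outbound byte count dwarfs their inbound traffic. The rows and the column names (Timestamp, Application, User, BytesSent, BytesRecvd, Interface) are constructed for this example and are an assumption about the export layout, not srum-dump's actual schema; adapt the field names to whatever your export contains.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample export. The column names are an assumption made for this
# example; they are not srum-dump's real output schema.
SAMPLE_CSV = """Timestamp,Application,User,BytesSent,BytesRecvd,Interface
2025-05-20 09:15:00,C:\\Program Files\\Mozilla Firefox\\firefox.exe,CORP\\alice,1540000,42100000,Wi-Fi
2025-05-20 10:02:00,C:\\Windows\\System32\\svchost.exe,NT AUTHORITY\\SYSTEM,210000,980000,Wi-Fi
2025-05-21 02:13:00,C:\\Users\\alice\\AppData\\Local\\Temp\\upd.exe,CORP\\alice,512000000,4100,Wi-Fi
2025-05-21 02:40:00,C:\\Users\\alice\\AppData\\Local\\Temp\\upd.exe,CORP\\alice,498000000,3900,Wi-Fi
2025-05-22 11:30:00,C:\\Program Files\\Mozilla Firefox\\firefox.exe,CORP\\alice,2200000,61000000,Wi-Fi
"""


def load_rows(text):
    """Parse the CSV export into dicts with typed timestamp and byte counts."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text)):
        rows.append({
            "ts": datetime.strptime(rec["Timestamp"], "%Y-%m-%d %H:%M:%S"),
            "app": rec["Application"],
            "user": rec["User"],
            "sent": int(rec["BytesSent"]),
            "recvd": int(rec["BytesRecvd"]),
        })
    return rows


def totals_by_app(rows):
    """Sum bytes sent and received per application path -> {app: (sent, recvd)}."""
    totals = defaultdict(lambda: [0, 0])
    for r in rows:
        totals[r["app"]][0] += r["sent"]
        totals[r["app"]][1] += r["recvd"]
    return {app: tuple(v) for app, v in totals.items()}


def flag_upload_heavy(rows, min_sent=100_000_000, ratio=10.0):
    """Return apps that sent at least min_sent bytes and sent >= ratio x received.

    Heavy outbound traffic from an unexpected path (a user's Temp directory, say)
    is a common lead when hunting for staging or exfiltration in SRUM data.
    """
    flagged = []
    for app, (sent, recvd) in totals_by_app(rows).items():
        if sent >= min_sent and sent >= ratio * max(recvd, 1):
            flagged.append(app)
    return sorted(flagged)


def activity_window(rows):
    """First and last timestamps present in the export (the reconstructable window)."""
    stamps = [r["ts"] for r in rows]
    return (min(stamps), max(stamps))


def build_timeline(rows):
    """Chronologically ordered (timestamp, user, app, sent, recvd) tuples."""
    ordered = sorted(rows, key=lambda r: r["ts"])
    return [(r["ts"], r["user"], r["app"], r["sent"], r["recvd"]) for r in ordered]


if __name__ == "__main__":
    rows = load_rows(SAMPLE_CSV)
    first, last = activity_window(rows)
    print(f"Activity window: {first} .. {last}")
    for ts, user, app, sent, recvd in build_timeline(rows):
        print(f"{ts}  {user:<22} sent={sent:>12,} recvd={recvd:>12,}  {app}")
    print("Upload-heavy applications:", flag_upload_heavy(rows))
```

The thresholds in `flag_upload_heavy` are starting points, not rules: on a real host, compare each application's totals against the same application on known-good machines before treating a spike as evidence.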