Uncover the Truth: Digging into Windows Hidden 30-Day Forensic Timeline

  • Thu, Jun 5, 2025
  • 11:00AM - 12:00PM AEST
  • English
  • Mark Baggett
  • Technical Presentation

Picture this: you approach a machine where you know an incident has occurred, but all traditional logs are missing or wiped, leaving you with no clear starting point. Enter srum-dump Version 3, a brand-new, free, powerful forensics tool available at github.com/MarkBaggett/srum-dump, designed to extract the Windows System Resource Usage Monitor (SRUM) database into XLSX or CSV spreadsheets for analysis.

This tool is a lifeline for incident responders, law enforcement, and network defenders, as it reconstructs a detailed 30-day history of system activities, including application usage, network connections, and resource consumption, even when other logs are unavailable. In this presentation, the tool’s author, Mark Baggett, will demonstrate live how srum-dump empowers you to uncover critical evidence and rebuild the incident timeline. Join us to see how this tool can transform your forensic investigations when the odds seem stacked against you!

Meet the speaker

Mark Baggett

Chief Technology Officer

Mark Baggett has revolutionized cybersecurity through his leadership at SANS. His development of tools like Freq Server has strengthened threat detection, while his work in automation has empowered professionals to defend against evolving threats.