Our next Greater Augusta ISSA public meeting will be held on Thursday, June 26th, 2025. Mark Baggett will be discussing "Uncover the Truth: Digging into Windows Hidden 30-Day Forensic Timeline". Please join us for this in-person event. Pizza and refreshments will be provided prior to the discussion. Seats are limited, so please reserve yours today!
Please register at the link below:
https://augusta-issa-2nd-qtr-june-25.eventbrite.com
Abstract: Uncover the Truth: Digging into Windows Hidden 30-Day Forensic Timeline
Picture this: you approach a machine where you know an incident has occurred, but all traditional logs are missing or wiped, leaving you with no clear starting point. Enter srum-dump Version 3, a brand new, free, powerful forensics tool available at github.com/MarkBaggett/srum-dump, designed to extract and analyze the Windows System Resource Usage Monitor (SRUM) database into XLSX or CSV spreadsheets. This tool is a lifeline for incident responders, law enforcement, and network defenders, as it reconstructs a detailed 30-day history of system activities, including application usage, network connections, and resource consumption, even when other logs are unavailable. In this presentation, the tool’s author, Mark Baggett, will demonstrate live how srum-dump empowers you to uncover critical evidence and rebuild the incident timeline. Join us to see how this tool can transform your forensic investigations when the odds seem stacked against you!
About the Author: Mark Baggett’s first foray into information security was on the receiving end of hacking, and he was amazed by the experience. “The hackers made my computer do stuff that I didn't think was possible,” he says. “It was like magic and I had to know how the trick was done.” He immediately became obsessed with understanding all the tricks, how they worked, and how to prevent them from happening again.
Fast forward to today and Mark’s infosec career spans nearly 30 years, with 15 of those years spent teaching for SANS. Mark is currently a faculty fellow for SANS and an independent consultant through his company Indepth Defense, providing forensics, incident response, and penetration testing services. Mark served as the technical advisor to the DoD for SANS from 2011 until 2024, where he assisted various government organizations in the development of information security capabilities. Today he is the Chief Technology Officer for the Internet Storm Center.
https://www.sans.org/profiles/mark-baggett/
https://www.linkedin.com/in/mark-baggett/
http://twitter.com/markbaggett
http://www.youtube.com/@markbaggett
Date: Thursday, June 26, 2025
Time: 7:00pm - 9:00pm
Location: Georgia Cyber Center, 100 Grace Hopper Lane, Augusta, GA 30901 (Nybble room)