ps-srum-hunting - a PowerShell Threat Hunting Script Repository

A PowerShell script that processes SRUM (System Resource Usage Monitor) data for on-the-fly forensics, to start a simple investigation, or to serve as a threat hunting tool.
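The first step of any SRUM processing is getting a clean copy of the database and knowing which provider populated which table. The following triage helper is an added example and is not the ps-srum-hunting script itself; it assumes an elevated session, that `esentutl.exe` (shipped with Windows) is available, and that the `SRUM\Extensions` registry key's default values carry the provider names.

```powershell
# Added triage helper (example, not the ps-srum-hunting script).
# Assumes an elevated PowerShell session and that esentutl.exe is present;
# its /vss option copies an in-use ESE file from a Volume Shadow Copy.

function Get-SrumTriage {
    param(
        # Destination folder for the collected copy of SRUDB.dat
        [Parameter(Mandatory)] [string] $OutputDirectory
    )

    # Well-known location of the SRUM ESE database (Windows 8 / Server 2012 and later)
    $srumDb = Join-Path $env:SystemRoot 'System32\sru\SRUDB.dat'
    if (-not (Test-Path $srumDb)) {
        throw "SRUM database not found at $srumDb"
    }
    New-Item -ItemType Directory -Path $OutputDirectory -Force | Out-Null
    $copy = Join-Path $OutputDirectory 'SRUDB.dat'

    # SRUDB.dat is held open by the SRUM service, so a plain Copy-Item fails.
    # esentutl /y <source> /vss /d <destination> takes the copy from a shadow copy.
    & "$env:SystemRoot\System32\esentutl.exe" /y $srumDb /vss /d $copy | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "esentutl failed with exit code $LASTEXITCODE"
    }

    # Hash the collected copy so the evidence can be tied back to this collection.
    $hash = (Get-FileHash -Algorithm SHA256 -Path $copy).Hash

    # SRUM tables are named by provider GUID; the registry maps each GUID to the
    # provider that fills it (application resource usage, network usage, ...).
    # Assumption: the key's default value holds the provider's display name.
    $extKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SRUM\Extensions'
    $providers = Get-ChildItem -Path $extKey | ForEach-Object {
        [pscustomobject]@{
            TableGuid = $_.PSChildName
            Provider  = (Get-ItemProperty -Path $_.PSPath).'(default)'
        }
    }

    [pscustomobject]@{
        CollectedDatabase = $copy
        Sha256            = $hash
        Providers         = $providers
    }
}

# Usage: Get-SrumTriage -OutputDirectory 'C:\Triage\SRUM'
```

The returned `Providers` list is what lets a later parsing step (for example with the ESENT cmdlets referenced below) label the GUID-named tables it finds in the copied database.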

NOTE-1: This repository is currently under development and is being shared to get as much input as possible on feature sets and direction.

NOTE-2: This is currently raw material and requires a lot of TLC, which will come.

Repository Task List

The following activities still need processing and completion.

References, inspirations and useful connections

The following is a list of references, inspirations, and other projects that have helped guide the work on this project.

| Title | Author | Link |
| --- | --- | --- |
| SRUM forensics | Yogesh Khatri | https://www.sans.org/summit-archives/file/summit-archive-1492184583.pdf |
| srum-dump | Mark Baggett | https://github.com/MarkBaggett/srum-dump |
| Extensible Storage Engine (ESE) Database File (EDB) format | Joachim Metz | https://github.com/libyal/libesedb |
| System Resource Usage Monitor (SRUM) database | Joachim Metz | https://github.com/libyal/esedb-kb/blob/master/documentation/System%20Resource%20Usage%20Monitor%20(SRUM).asciidoc |
| Extensible Storage Engine (ESE) Cmdlets | BAMCIS Networks | https://github.com/bamcisnetworks/ESENT |