SRUM Parser

SRUM Parser — Blog https://www.srumparser.com/en/blog Latest from Blog en Tue, 26 May 2026 18:41:41 GMT Detecting data exfiltration with SRUM network usage https://www.srumparser.com/en/blog/detect-data-exfiltration-srum https://www.srumparser.com/en/blog/detect-data-exfiltration-srum A focused method for spotting outbound data theft using SRUM's Network Data Usage table — per-process bytes, user attribution, and network profile. SRUM Parser Tue, 19 May 2026 00:00:00 GMT How to fix a dirty SRUDB.dat (ESE database recovery) https://www.srumparser.com/en/blog/recover-dirty-srudb-dat https://www.srumparser.com/en/blog/recover-dirty-srudb-dat Why a copied SRUDB.dat is often in a dirty state, and how to replay the transaction logs with esentutl so a parser can read every row. SRUM Parser Tue, 19 May 2026 00:00:00 GMT How long does SRUM keep data? Retention and registry settings https://www.srumparser.com/en/blog/srum-data-retention https://www.srumparser.com/en/blog/srum-data-retention How far back SRUM history goes, what controls retention, and the registry keys that govern the short-term and long-term tables. SRUM Parser Tue, 19 May 2026 00:00:00 GMT SRUM vs Prefetch vs Amcache: which execution artifact to use https://www.srumparser.com/en/blog/srum-vs-prefetch-amcache https://www.srumparser.com/en/blog/srum-vs-prefetch-amcache A practical comparison of the three main Windows program-execution artifacts — what each proves, their time resolution, and when SRUM wins. SRUM Parser Tue, 19 May 2026 00:00:00 GMT The ESE database format that powers SRUDB.dat https://www.srumparser.com/en/blog/ese-database-format https://www.srumparser.com/en/blog/ese-database-format Understanding the Extensible Storage Engine — Windows' embedded database used by SRUM, Active Directory, Exchange, the Edge browser cache, and more. SRUM Parser Sun, 17 May 2026 00:00:00 GMT How to parse SRUDB.dat without installing anything https://www.srumparser.com/en/blog/how-to-parse-srudb-dat https://www.srumparser.com/en/blog/how-to-parse-srudb-dat Three ways to extract data from a Windows SRUM database — pick the one that fits your time, environment, and skill level. SRUM Parser Sun, 17 May 2026 00:00:00 GMT Using SRUM in a forensic investigation https://www.srumparser.com/en/blog/srum-forensics-investigation https://www.srumparser.com/en/blog/srum-forensics-investigation Real-world investigative questions that the SRUM database can answer — data exfiltration, malware activity, suspect timelines, insider threat. SRUM Parser Sun, 17 May 2026 00:00:00 GMT SRUM tables explained: AppResource, Network, Energy, Push https://www.srumparser.com/en/blog/srum-tables-explained https://www.srumparser.com/en/blog/srum-tables-explained A reference guide to the well-known tables inside SRUDB.dat — their GUID names, columns, and what each one tells a forensic analyst. SRUM Parser Sun, 17 May 2026 00:00:00 GMT Where is SRUDB.dat located on Windows? https://www.srumparser.com/en/blog/where-is-srudb-dat https://www.srumparser.com/en/blog/where-is-srudb-dat The exact filesystem path of the SRUM database on every supported Windows version, plus how to extract it safely from a live machine or forensic image. SRUM Parser Sun, 17 May 2026 00:00:00 GMT What is SRUM and why forensic analysts care https://www.srumparser.com/en/blog/what-is-srum https://www.srumparser.com/en/blog/what-is-srum Pillar guide to the Windows System Resource Usage Monitor: what it records, where to find it, and what investigators get from it. SRUM Parser Sat, 16 May 2026 00:00:00 GMT