Database
Network Activity
System Resource Usage Monitor (SRUM)
Description : Records 30 to 60 days of historical system performance, including the applications run, the user account responsible for each, and the bytes sent/received per application per hour.
Location :
C:\Windows\System32\Config\SOFTWARE
SOFTWARE\Microsoft\Windows NT\CurrentVersion\SRUM\Extensions
{973F5D5C-1D90-4944-BE8E-24B94231A174} = Windows Network Data Usage Monitor
{DD6636C4-8929-4683-974E-22C046A43763} = Windows Network Connectivity Usage
SOFTWARE\Microsoft\WlanSvc\Interfaces\
C:\Windows\System32\SRU\
Notes :
Use a tool such as srum_dump.exe to cross-correlate the data between the registry keys and the SRUM ESE database.
Analysis :
Coming Soon!