[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"doc-detail-31316":3,"doc-seo-31316":27},{"code":4,"msg":5,"data":6},0,"success",{"doc_id":7,"user_id":8,"nickname":9,"user_avatar":10,"doc_module":4,"category_id":11,"category_name":12,"doc_title":13,"doc_description":14,"file_id":15,"file_url":16,"file_type":17,"file_size":18,"view_count":4,"is_deleted":4,"is_public":19,"is_downloadable":19,"audit_status":19,"page_count":20,"language":21,"language_code":22,"table_of_contents":23,"faqs":24,"seo_title":13,"seo_description":14,"update_tm":25,"read_time":26},31316,687197100911,"Himbo","https://ap-avatar.wpscdn.com/avatar/a000239b6f1da00475?_k=1775820430993990792",8,"Research & Report","SRUM数据库取证与数据提取解码实用指南","System Resource Usage Monitor (SRUM) is a Windows 8/8.1 technology that records process and network statistics over time in a local database. The paper explains SRUM’s role for forensic examiners, outlines how the system collects and periodically updates data, and specifies what information is stored versus what is intentionally omitted. It examines database locations and formats, provides working details for extracting and decoding records, and demonstrates forensic value in correlating users, processes, and network activity for incident response.","cbCaiqsdZgd8OI0V","https://ap.wps.com/l/cbCaiqsdZgd8OI0V","pdf",2842976,1,13,"English","en","# Introduction\n## Research methods\n# System Resource Usage Monitor\n## Data collection and update frequency\n## Viewing SRUM data on Windows","[{\"question\":\"What is SRUM and what does it record on Windows 8/8.1 systems?\",\"answer\":\"SRUM tracks process and network statistics over time, storing process details, user ownership, CPU cycle usage, and network data sent or received by processes. It also includes Windows Push Notification details and network connectivity timing.\"},{\"question\":\"Which kinds of information are not collected by SRUM?\",\"answer\":\"SRUM does not record command-line arguments, DLL information, resource handles, thread information, or file access. It also does not capture network endpoint details such as IP addresses, computer names, protocols, or port numbers.\"},{\"question\":\"How often does SRUM update its database, and what can force an immediate update?\",\"answer\":\"The default database update period is one hour, with typical writes at 30 minutes after each hour on Windows 8. A shutdown triggers an immediate update of the SRUM database.\"}]",1779310828,33,{"code":4,"msg":28,"data":29},"ok",{"site_id":30,"language":22,"slug":31,"title":13,"keywords":32,"description":14,"schema_data":33,"social_meta":84,"head_meta":86,"extra_data":88,"updated_unix":25},105,"practical-guide-to-srum-database-forensics-and-data-extraction","",{"@graph":34,"@context":83},[35,52,66],{"@type":36,"itemListElement":37},"BreadcrumbList",[38,42,46,49],{"item":39,"name":40,"@type":41,"position":19},"https://docshare.wps.com","Home","ListItem",{"item":43,"name":44,"@type":41,"position":45},"https://docshare.wps.com/document/","Document",2,{"item":47,"name":12,"@type":41,"position":48},"https://docshare.wps.com/document/research-report/",3,{"item":50,"name":13,"@type":41,"position":51},"https://docshare.wps.com/document/practical-guide-to-srum-database-forensics-and-data-extraction/31316/",4,{"url":50,"name":13,"@type":53,"author":54,"headline":13,"publisher":56,"fileFormat":59,"description":14,"dateModified":60,"datePublished":60,"encodingFormat":59,"isAccessibleForFree":61,"interactionStatistic":62},"DigitalDocument",{"name":9,"@type":55},"Person",{"url":39,"name":57,"@type":58},"DocShare","Organization","application/pdf","2026-05-20",true,{"@type":63,"interactionType":64,"userInteractionCount":4},"InteractionCounter",{"@type":65},"ViewAction",{"@type":67,"mainEntity":68},"FAQPage",[69,75,79],{"name":70,"@type":71,"acceptedAnswer":72},"What is SRUM and what does it record on Windows 8/8.1 systems?","Question",{"text":73,"@type":74},"SRUM tracks process and network statistics over time, storing process details, user ownership, CPU cycle usage, and network data sent or received by processes. It also includes Windows Push Notification details and network connectivity timing.","Answer",{"name":76,"@type":71,"acceptedAnswer":77},"Which kinds of information are not collected by SRUM?",{"text":78,"@type":74},"SRUM does not record command-line arguments, DLL information, resource handles, thread information, or file access. It also does not capture network endpoint details such as IP addresses, computer names, protocols, or port numbers.",{"name":80,"@type":71,"acceptedAnswer":81},"How often does SRUM update its database, and what can force an immediate update?",{"text":82,"@type":74},"The default database update period is one hour, with typical writes at 30 minutes after each hour on Windows 8. A shutdown triggers an immediate update of the SRUM database.","https://schema.org",{"og:url":50,"og:type":85,"og:title":13,"og:site_name":57,"og:description":14},"article",{"robots":87,"canonical":50},"index,follow",{"doc_id":7,"site_id":30}]