Incident Response with EZTools - System Resource Usage Monitor Forensics

SrumECmd is bundled with EZTools. This tool processes SRUDB.dat and the SOFTWARE hive to extract network, process and energy usage information.

In Windows, the System Resource Usage Monitor (SRUM) is a built-in component that tracks the usage of various resources on the computer, such as memory, CPU, and network usage, per application. The information is stored in a database (SRUDB.dat), and summaries of it can be viewed with the Task Manager or other system monitoring tools. This information can be used to troubleshoot performance issues, identify resource bottlenecks, and optimize system performance.

From an incident response perspective, responders need to gather evidence of program execution. Say a suspicious PE file was dropped when a user in your organization clicked a phishing email: one of the most useful sources of evidence of execution on a Windows system is SRUM, because it records the binary's path together with its network and resource usage over time.
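The following PowerShell session is an added example, not code from the page or from the EZTools project. It runs SrumECmd over a collected SRUDB.dat and SOFTWARE hive and then triages the resulting network usage CSV for evidence of execution. The case directory, the host name, the output file name pattern and the CSV column names (ExeInfo, Timestamp, BytesSent, BytesReceived) are assumptions about SrumECmd's output layout; check them against the headers of the CSV you actually get.

```powershell
# Added example (not from the page or EZTools). Assumes SrumECmd.exe is on PATH and
# that SRUDB.dat and the SOFTWARE hive were copied from the suspect host into
# C:\Cases\HOST01 (assumed case path; the files normally live under
# C:\Windows\System32\sru\ and C:\Windows\System32\config\ on the source system).
$Case   = 'C:\Cases\HOST01'
$Srum   = Join-Path $Case 'SRUDB.dat'
$Hive   = Join-Path $Case 'SOFTWARE'
$OutDir = Join-Path $Case 'srum_out'

# 1. Parse SRUDB.dat; the SOFTWARE hive lets SrumECmd resolve network profile names.
& SrumECmd.exe -f $Srum -r $Hive --csv $OutDir

# 2. Load the network usage output. File name pattern and column names are
#    assumptions about SrumECmd's CSV layout; adjust to your actual headers.
$NetCsv = Get-ChildItem $OutDir -Filter '*NetworkUsages*.csv' | Select-Object -First 1
$Net    = Import-Csv $NetCsv.FullName

# 3. Evidence of execution: one row per executable that generated traffic, with
#    first/last observation and total bytes. Values are cast because Import-Csv
#    returns strings.
$Summary = $Net | Group-Object ExeInfo | ForEach-Object {
    $Times = $_.Group | ForEach-Object { [datetime]$_.Timestamp } | Sort-Object
    [pscustomobject]@{
        Exe           = $_.Name
        FirstSeen     = $Times[0]
        LastSeen      = $Times[-1]
        BytesSent     = ($_.Group | ForEach-Object { [long]$_.BytesSent }     | Measure-Object -Sum).Sum
        BytesReceived = ($_.Group | ForEach-Object { [long]$_.BytesReceived } | Measure-Object -Sum).Sum
    }
}

# 4. Largest senders first: exfiltration and C2 beacons tend to surface here.
$Summary | Sort-Object BytesSent -Descending | Format-Table -AutoSize

# 5. Binaries executed from user-writable locations, where a phishing dropper
#    typically lands, are worth a closer look regardless of volume.
$Summary | Where-Object { $_.Exe -match '\\Users\\|\\Temp\\|\\AppData\\' } |
    Sort-Object FirstSeen | Format-Table -AutoSize
```

The FirstSeen value is the earliest SRUM record for that path, not the exact launch time: SRUM flushes its in-memory counters to the database roughly hourly, so correlate it with Prefetch, Amcache or event logs before fixing the execution time in a timeline.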

Windows SRUM Forensics

Windows 8 SRUM Forensics

System Forensics with SRUM