The System Resource Usage Monitor (SRUM) is a diagnostic tool built into Windows to monitor system resource usage. It can provide useful forensic information, for example:
- It can connect a user account to program execution and the amount of data sent or received over a network. This can help determine whether data may have been copied.
- It can connect a user account to a wireless network ID, alongside the times connected. This can prove a machine was near a particular network at a given time.
As it is a background system process, it is unlikely that an untrained user will know it exists or know how to hide their tracks effectively.
The fact that the SRUM tracks all wireless network connections is also potentially very useful, as most Windows laptops will automatically attempt to connect to networks they have been on before. This means evidence of a user's location can be generated without any conscious activity by them and before they have a chance to prevent it.
Also, as the incidence of cryptomining increases, so too will the reliance on this useful monitoring tool.
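The first use listed above, tying a user account and program to the volume of data sent or received, can be sketched as follows. This is an added example, not code from the original page: the CSV column names, the sample rows and the two thresholds are all assumptions made for illustration, and a real export of SRUM network usage data may be laid out differently.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows (not real evidence). Column names are assumed;
# an actual export of SRUM network usage data may label them differently.
SAMPLE_CSV = """timestamp,user,app,bytes_sent,bytes_received
2024-03-04T09:00:00,alice,chrome.exe,1200000,48000000
2024-03-04T10:00:00,alice,chrome.exe,900000,35000000
2024-03-04T22:00:00,bob,sync_tool.exe,2100000000,4000000
2024-03-04T23:00:00,bob,sync_tool.exe,1900000000,3500000
2024-03-05T08:00:00,bob,outlook.exe,5000000,60000000
"""

def summarise(csv_text):
    """Total bytes per (user, app) with first and last record times."""
    totals = defaultdict(lambda: {"sent": 0, "received": 0, "first": None, "last": None})
    for row in csv.DictReader(io.StringIO(csv_text)):
        entry = totals[(row["user"], row["app"])]
        entry["sent"] += int(row["bytes_sent"])
        entry["received"] += int(row["bytes_received"])
        ts = row["timestamp"]  # ISO 8601 strings sort chronologically
        entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
        entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)
    return dict(totals)

def upload_heavy(totals, min_sent=500_000_000, min_ratio=10.0):
    """(user, app) pairs that sent a lot and sent far more than they received.

    Both thresholds are illustrative assumptions; tune them per case.
    """
    flagged = []
    for key, e in totals.items():
        ratio = e["sent"] / max(e["received"], 1)  # avoid division by zero
        if e["sent"] >= min_sent and ratio >= min_ratio:
            flagged.append((key, e["sent"], e["first"], e["last"]))
    return sorted(flagged, key=lambda item: item[1], reverse=True)

if __name__ == "__main__":
    for (user, app), sent, first, last in upload_heavy(summarise(SAMPLE_CSV)):
        print(f"{user} {app}: {sent} bytes sent between {first} and {last}")
```

A flagged pair is a lead for closer examination of that account and program over the reported time window, not a finding in itself.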