MarkBaggett / srum-dump

A forensics tool to convert the data in the Windows srum (System Resource Usage Monitor) database to an xlsx spreadsheet.
GNU General Public License v3.0

Only the last 30 days? #23

Closed djlongy closed 4 years ago

djlongy commented 4 years ago

Does SRUM_dump2.exe only retrieve the last 30 days of records? I have a SRUDB.dat where I can see much older artifacts of interest in ASCII/HEX view, but SRUM_dump2 doesn't seem to retrieve any info about this. The events of interest occurred 3 years before the last event in SRUDB.dat

MarkBaggett commented 4 years ago

I am dumping every record that is in the database. If you hit Control-Alt-Delete, open TASK MANAGER, then go to the "APP HISTORY" tab, it will say something like "Resource usage since MM/DD/YYYY for current user". That is the oldest piece of data in SRUDB.dat. If you are seeing something that is older, I am interested in understanding what it is to see if there is some way to retrieve it, but as far as I know we can only get 30 days' worth of logs.
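One way to check the point made above on your own dump, as an added example that is not part of this thread or of srum-dump: take the rows of an exported SRUM table, convert the `TimeStamp` column (SRUM stores it as an OLE Automation date, fractional days since 1899-12-30) to datetimes, and report the oldest and newest record and the span between them. If the span is about 30 days, the database simply does not hold older records, whatever may be visible as leftover strings in a hex view. The column name `TimeStamp`, the `slack_days` tolerance and the sample rows are assumptions constructed for this example.

```python
from datetime import datetime, timedelta

# OLE Automation dates count fractional days from this epoch (assumed
# here to be how the exported TimeStamp column is encoded).
OLE_EPOCH = datetime(1899, 12, 30)

# Constructed sample rows, shaped like records from an exported SRUM table.
# 43831.0 -> 2020-01-01 00:00, 43845.5 -> 2020-01-15 12:00, 43860.25 -> 2020-01-30 06:00
SAMPLE_ROWS = [
    {"Id": 1, "TimeStamp": 43831.0, "AppId": "app_a.exe"},
    {"Id": 2, "TimeStamp": 43845.5, "AppId": "app_b.exe"},
    {"Id": 3, "TimeStamp": 43860.25, "AppId": "app_a.exe"},
]

# The same sample with one record three years older (42736.0 -> 2017-01-01),
# mirroring the situation described in the question.
SAMPLE_ROWS_WITH_OLD = SAMPLE_ROWS + [
    {"Id": 4, "TimeStamp": 42736.0, "AppId": "old_tool.exe"},
]


def ole_to_datetime(value):
    """Convert an OLE Automation date (float or numeric string) to a datetime."""
    return OLE_EPOCH + timedelta(days=float(value))


def retention_window(rows, column="TimeStamp"):
    """Summarise the oldest and newest record in a list of SRUM rows.

    Returns a dict with the oldest and newest datetime, the span in whole
    days and the record count. Raises ValueError on an empty input so a
    silently empty table is not mistaken for a short retention window.
    """
    stamps = sorted(ole_to_datetime(r[column]) for r in rows)
    if not stamps:
        raise ValueError("no rows with a %s column" % column)
    oldest, newest = stamps[0], stamps[-1]
    return {
        "oldest": oldest,
        "newest": newest,
        "span_days": (newest - oldest).days,
        "records": len(stamps),
    }


def looks_like_30_day_window(summary, slack_days=2):
    """True when the records fit the roughly 30-day window SRUM retains."""
    return summary["span_days"] <= 30 + slack_days


if __name__ == "__main__":
    for label, rows in (("sample", SAMPLE_ROWS), ("with old record", SAMPLE_ROWS_WITH_OLD)):
        s = retention_window(rows)
        print("%s: %d records, %s .. %s (%d days), 30-day window: %s" % (
            label, s["records"], s["oldest"], s["newest"], s["span_days"],
            looks_like_30_day_window(s)))
```

With the plain sample the span is 29 days and the check reports a 30-day window; with the older record added the span jumps to over three years, which is the sort of result you would expect to see only if the database really did retain such a record.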