The landscape of digital forensics is ever-changing, with tools and techniques continually evolving to meet the demands of modern investigations. One recent addition to the arsenal of SRUM analysis tools is NirSoft's NetworkUsageView (NUV).
Introduction to NUV
NUV, like many of NirSoft's offerings, is both free and user-friendly, designed to assist investigators in their triage efforts. Upon launching the tool, it defaults to displaying the host system information. However, it's versatile enough to be pointed to a mounted image for deeper analysis.
Loading SRUM Data with NUV
To load SRUM data from a specific image, such as the Donald Blake image, follow these steps:
Access Advanced Options: From the menu bar, select "Options" and then choose "Advanced Options."
Select External SRUDB.dat: Under the "Load network usage data from:" dropdown menu, choose "External SRUDB.dat database."
Navigate to SRUM Database: Click the "..." button and browse to the location of the SRUM database on the mounted image.
Analyzing SRUM Data with NUV
Once the target SRUM database is loaded, NUV provides a snapshot of applications running each hour, the user responsible for each application, and the inbound and outbound network traffic per application, per hour. This data can be invaluable for understanding user activity and network behavior.
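As an added example that is not from the original post or from NirSoft, the following Python script reproduces the hourly per-user, per-application view described above from a CSV export of the network usage table and flags hours with an unusually large outbound volume for triage. The column names, sample rows and threshold are constructed assumptions, not NUV's own export format.

```python
"""Triage an exported SRUM network-usage table (per-hour, per-app, per-user)."""
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample export (not real SRUM data). The header names are an
# assumption; adapt them to whatever your exporting tool writes.
SAMPLE_CSV = """timestamp,user,app,bytes_sent,bytes_recvd
2024-03-04 09:05:00,CORP\\dblake,chrome.exe,120000,4500000
2024-03-04 09:40:00,CORP\\dblake,chrome.exe,80000,2000000
2024-03-04 09:55:00,CORP\\dblake,outlook.exe,30000,900000
2024-03-04 22:10:00,CORP\\dblake,syncclient.exe,950000000,20000
2024-03-04 22:40:00,CORP\\dblake,syncclient.exe,870000000,15000
2024-03-04 23:12:00,SYSTEM,svchost.exe,5000,250000
"""


def load_rows(text):
    """Parse the export into (hour_bucket, user, app, sent, recvd) tuples."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        ts = datetime.strptime(r["timestamp"], "%Y-%m-%d %H:%M:%S")
        hour = ts.replace(minute=0, second=0)  # SRUM is summarised hourly
        rows.append((hour, r["user"], r["app"],
                     int(r["bytes_sent"]), int(r["bytes_recvd"])))
    return rows


def hourly_totals(rows):
    """Sum sent/received bytes per (hour, user, app): the view NUV presents."""
    totals = defaultdict(lambda: [0, 0])
    for hour, user, app, sent, recvd in rows:
        totals[(hour, user, app)][0] += sent
        totals[(hour, user, app)][1] += recvd
    return dict(totals)


def flag_outbound(totals, threshold_bytes=500_000_000):
    """Return (hour, user, app, sent) for hours whose outbound volume exceeds
    the threshold, largest first. Big upload bursts, especially outside
    business hours, are worth a closer look during triage."""
    hits = [(h, u, a, s) for (h, u, a), (s, _) in totals.items()
            if s > threshold_bytes]
    return sorted(hits, key=lambda x: x[3], reverse=True)


if __name__ == "__main__":
    t = hourly_totals(load_rows(SAMPLE_CSV))
    for (h, u, a), (s, r) in sorted(t.items()):
        print(f"{h:%Y-%m-%d %H:00} {u:13} {a:15} sent={s:>13,} recvd={r:>11,}")
    for h, u, a, s in flag_outbound(t):
        print(f"FLAG {h:%Y-%m-%d %H:00} {u} {a} sent={s:,}")
```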
What's Missing in NUV?
While NUV offers a comprehensive view of network usage data, one notable omission is the network name to which the system was connected at a given time. However, this gap can be easily filled using additional tools; my preference is ESEDatabaseView (and I have written a blog post about it).
Link below:
Conclusion
NUV by NirSoft is a valuable addition to the toolkit of digital forensic analysts, streamlining SRUM analysis and providing quick access to essential network usage data. While it may not offer a complete picture on its own, when combined with other tools and techniques, it becomes a powerful asset in the quest for digital evidence.
Akash Patel