Posts tagged "execution-evidence"

• What is SRUM (SRUDB.dat)? (glossary)

  SRUM is the Windows System Resource Usage Monitor — an ESE database recording per-application CPU, network, and I/O usage in hour buckets over 30-60 days.

  2026-05-24

• What is Windows Prefetch? (glossary)

  Prefetch is the Windows folder of .pf files recording every binary execution, with up to 8-10 run timestamps per binary and the files each one loaded. The strongest Windows execution evidence.

  2026-05-24