This product pack contains instructions that provide historical information about network usage, energy usage, resource usage, process activity by user, application usage, etc. The Windows 10 SRU database is an Extensible Storage Engine database that stores forensic information on historical application activity.
An IT administrator is getting frequent tickets from the service desk about sudden, periodic surges in resource usage and process activity on a certain group of machines. The service desk is unsure how the first level of troubleshooting should be carried out. This product pack can help the service desk by giving them historical information about the suspected devices, which helps narrow the troubleshooting path to solve the issue.
Show ApplicationResourceUsageProvider table contents for the specified application name and user name
Get ApplicationResourceUsageProvider table where Application contains %ApplicationName% and user name contains %UserName%
Creates a snapshot of the specified drive and saves it to an output file with the specified case number, description, evidence number, examiner and notes.
Get FTK Imager forensic snapshot of drive %driveNumber% saving to file %OutputFile% with case number %CaseNumber%, evidence number %EvidenceNumber%, description %Description%, Examiner %Examiner%, Notes %Notes%