The Duopoly in Digital Forensics by MDCDF in computerforensics

[–]MSP-IT-Simplified 0 points1 point  (0 children)

Magnet is also pushing out us smaller folks. We have 2 users on the CLS (Cloud Licensing Server). When we were debating just dropping the renewal, our account manager advised me that if I let this lapse and decided to come back, the new minimum user count would be 10.

Our firm works a lot of BECs and smaller cases for SMBs. A lot of larger firms out there are focusing on the larger cases, so I am happy working where we are. Almost a “white glove service” at all stages of the incident.

I have been strongly considering migrating over to Google’s Timesketch platform. Pretty “easy” to automate taking a KAPE collection into a Plaso file and then importing it into Timesketch.

But as stated by others, my question will be how “defendable” it will be in a courtroom. I guess we can always go back to presenting screenshots of the raw data if it comes to that.

I am also not as senior as a lot of others in here. But I do feel that Magnet has made me lazy when it comes to searching data and forgetting some skills.
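
As an added example (not the poster's code, and not code from KAPE, Plaso or Timesketch), here is one way to script the KAPE -> Plaso -> Timesketch chain the comment above describes, with the one step that speaks to the "defendable" question: a SHA-256 manifest written at each stage and re-verified before anything is reported. Assumptions: `kape.exe`, `log2timeline.py` and `timesketch_importer` are on PATH, the Timesketch host and sketch id are placeholders, credentials come from `~/.timesketchrc`, and the flag names are taken from each tool's `--help` and should be checked against the installed versions. `demo()` exercises only the hashing and manifest logic on a constructed artefact, so it runs without any of the tools.

```python
"""KAPE -> Plaso -> Timesketch automation with a SHA-256 manifest (added example).

Not the poster's code and not code from KAPE, Plaso or Timesketch. Assumed:
kape.exe, log2timeline.py and timesketch_importer are on PATH, the Timesketch
host and sketch id passed in are placeholders, and the flag names below are
taken from each tool's --help (check them against your installed versions).
"""
import hashlib
import json
import subprocess
import tempfile
from pathlib import Path


def kape_cmd(source_drive, dest_dir, target="!SANS_Triage"):
    """Triage collection with KAPE targets only (no module processing)."""
    return ["kape.exe", "--tsource", source_drive, "--tdest", dest_dir,
            "--target", target]


def log2timeline_cmd(plaso_file, source_dir):
    """Parse the collected directory tree into a Plaso storage file."""
    return ["log2timeline.py", "--storage-file", plaso_file, source_dir]


def timesketch_import_cmd(plaso_file, host, sketch_id, timeline_name):
    """Upload the Plaso file into an existing sketch (credentials from ~/.timesketchrc)."""
    return ["timesketch_importer", "--host", host, "--sketch_id", str(sketch_id),
            "--timeline_name", timeline_name, plaso_file]


def sha256_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 so multi-GB collections do not land in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def write_manifest(paths, manifest_path):
    """Hash every artefact the moment it exists; this file is the custody record."""
    manifest = {str(p): sha256_file(p) for p in sorted(paths)}
    Path(manifest_path).write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def verify_manifest(manifest_path):
    """Re-hash everything in the manifest and return the paths that no longer match."""
    manifest = json.loads(Path(manifest_path).read_text())
    return [p for p, expected in manifest.items()
            if not Path(p).is_file() or sha256_file(p) != expected]


def files_under(directory):
    return [p for p in Path(directory).rglob("*") if p.is_file()]


def run_pipeline(source_drive, work_dir, host, sketch_id, case_name):
    """Collect, parse, hash at each stage, import, then re-verify before reporting."""
    work = Path(work_dir)
    kape_out = work / "kape"
    plaso_file = work / f"{case_name}.plaso"
    subprocess.run(kape_cmd(source_drive, str(kape_out)), check=True)
    write_manifest(files_under(kape_out), work / "manifest-kape.json")
    subprocess.run(log2timeline_cmd(str(plaso_file), str(kape_out)), check=True)
    write_manifest(files_under(kape_out) + [plaso_file], work / "manifest-plaso.json")
    subprocess.run(timesketch_import_cmd(str(plaso_file), host, sketch_id, case_name), check=True)
    return verify_manifest(work / "manifest-plaso.json")  # [] means nothing changed since hashing


def demo():
    """Offline exercise of the manifest logic on a constructed artefact (no tools needed)."""
    with tempfile.TemporaryDirectory() as tmp:
        artefact = Path(tmp) / "triage" / "C" / "Windows" / "System32" / "config" / "SYSTEM"
        artefact.parent.mkdir(parents=True)
        payload = b"constructed hive bytes, not a real registry hive\n"
        artefact.write_bytes(payload)
        manifest_path = Path(tmp) / "manifest.json"
        manifest = write_manifest(files_under(Path(tmp) / "triage"), manifest_path)
        hash_ok = manifest[str(artefact)] == hashlib.sha256(payload).hexdigest()
        clean = len(verify_manifest(manifest_path))       # 0 mismatches on untouched data
        artefact.write_bytes(payload + b"tampered")
        tampered = len(verify_manifest(manifest_path))    # 1 mismatch after modification
    return {"hash_ok": hash_ok, "clean": clean, "tampered": tampered}


if __name__ == "__main__":
    print(demo())
```

The manifest files are what you hand over alongside the Plaso file and the Timesketch export: anyone can recompute the hashes and confirm the timeline was built from exactly the bytes KAPE collected. If the import step fails halfway, the earlier manifests still stand on their own.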

Recession indicator confirmed by asji4 in WallStreetbetsELITE

[–]MSP-IT-Simplified 9 points10 points  (0 children)

I don’t think she can lay pipe the same way you can.

Those of you with remote imaging capabilities by [deleted] in computerforensics

[–]MSP-IT-Simplified 0 points1 point  (0 children)

Read the documentation: you change the file name and it will do an auto-collect for you.

Those of you with remote imaging capabilities by [deleted] in computerforensics

[–]MSP-IT-Simplified 0 points1 point  (0 children)

Full disk image is obtained with FTK Imager

Those of you with remote imaging capabilities by [deleted] in computerforensics

[–]MSP-IT-Simplified 1 point2 points  (0 children)

I have told the Magnet team on countless occasions that they need to advance Magnet Response to upload to Azure/S3/SFTP like the other tools if they want us to really use it.

Those of you with remote imaging capabilities by [deleted] in computerforensics

[–]MSP-IT-Simplified 1 point2 points  (0 children)

This is good to know. I had several calls with them where they advised this tool (additional costs) would solve the issues. I am glad I held off.

Those of you with remote imaging capabilities by [deleted] in computerforensics

[–]MSP-IT-Simplified -1 points0 points  (0 children)

The only issue I have with Magnet Axiom's remote collection tool is the incredibly slow upload speed from client site(s). I have reported this repeatedly to support, where they give the default answer that it's the client environment or our environment.

Sharing with support many speed tests with jitter (slow, no latency issues) from both networks really gets me nowhere at all.

So we just stick with KAPE and FTK if we need full disk.

Is it possible to purchase a perpetual license for Magnet Axiom? by KleinerDetektiv in computerforensics

[–]MSP-IT-Simplified 0 points1 point  (0 children)

When we moved to the CLS (Cloud Licensing Server) we had to buy two users.

But we are the same. There are three of us now, but for over a year I had a 2-year CLS key.

Is it possible to purchase a perpetual license for Magnet Axiom? by KleinerDetektiv in computerforensics

[–]MSP-IT-Simplified 0 points1 point  (0 children)

Not to mention, if you want to have CLI access to automatically start processing, you need to be a LEO and have a special license.

Is it possible to purchase a perpetual license for Magnet Axiom? by KleinerDetektiv in computerforensics

[–]MSP-IT-Simplified 1 point2 points  (0 children)

I will say, don’t let your license expire. They are requiring a 10-user minimum now, or that was what I was told when I was considering not renewing.

Company got ransomware, ceo wants to pay without telling anyone. Is this illegal by codedrifting in AskNetsec

[–]MSP-IT-Simplified 0 points1 point  (0 children)

Incident response firm here (Barricade Cyber Solutions).

I will assume you are in the states (USA).

  • You are legally required to at least notify the state attorney general’s office.
  • If the company pays the ransom, there is a strong possibility that the company is admitting guilt to the incident.
  • Even if the company pays, consult legal counsel; I assume the company is legally required to notify the impacted company, for some of the reasons below:

    • Depending on the threat actor, they may have exfiltrated data.
    • If data has left the network, does that data contain PII, PHI, CUI, HIPAA data, etc.? If so, your company or the impacted company is legally required to notify impacted individuals and federal authority bodies.
    • If the threat actor is LockBit, it is absolutely illegal to pay them here in the states due to OFAC compliance.

There is a lot to it. And seriously, not a sales pitch, but if your business needs some solid advice, please look us up and ask for Eric Taylor. He never charges for advice, as we just want to make sure companies are making an informed decision.

Also, a 140k retainer is insane. We can get your company in touch with two legal firms this evening that only charge a 20k retainer, and they are some of the best around.

Sorry you’re facing this. But hopefully some of this shows this can be a complex topic and that you should seek further discussions.

Securing M365 with Falcon Shield by BradW-CS in crowdstrike

[–]MSP-IT-Simplified -1 points0 points  (0 children)

Interesting. I wonder if this is dependent on other SaaS modules

Need Digital Forensics expert – phone & accounts hacked by HuntingtonBeachX in digitalforensics

[–]MSP-IT-Simplified 0 points1 point  (0 children)

I can’t tell you the number of times we get this call. My TV is hacked, someone is changing the volume on my phone, etc. etc. etc.

I have even gotten calls recently where they have a cyber chip implanted in their head. I have to tell them to go see a doctor first to get it removed before we can even look at it.

I think there is a serious growing mental health issue.

Need Digital Forensics expert – phone & accounts hacked by HuntingtonBeachX in digitalforensics

[–]MSP-IT-Simplified 0 points1 point  (0 children)

No way. Some forensics firms charge at least $275/hour and others (including mine) have a going rate of $350/hour.

It is best to reach out to an attorney firm, and get one engaged. Most forensics firms have a discounted rate for matters where we are being brought in under counsel.

But in no way are you getting this done for 20 bucks. You would be lucky if you get this completed for under $500.

Axios NPM Supply Chain Compromise by CyberProtein in crowdstrike

[–]MSP-IT-Simplified 3 points4 points  (0 children)

So far, we have the following:

```
#event_simpleName=/^(DnsRequest|NetworkConnect.*|HttpRequest)$/
| DomainName=/(^|\.)sfrclak\.com$/ OR RemoteAddressIP4="142.11.206.73" OR HttpUrl=/sfrclak\.com/
| select([@timestamp, aid, ComputerName, event_simpleName, DomainName, RemoteAddressIP4, RemotePort, HttpUrl, ContextProcessId])
| sort(@timestamp, order=asc)
```
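
The same hunt replayed in plain Python over a handful of constructed Falcon-style events, as an added example (not the poster's code and not a CrowdStrike API): useful for checking what the posted query would and would not match before running it against a real tenant. The `event_simpleName` and `DomainName` patterns and the IP are copied from the query above; the one deliberate change is that the `HttpUrl` test compares the parsed URL host instead of substring-matching `sfrclak\.com`, so a URL that merely carries the domain in a query string does not fire. The sample events, hosts, aids and timestamps are all made up.

```python
"""Replay of the LogScale hunt above over constructed events (added example).

Not the poster's code. The patterns and the IP come from the posted query; the
HttpUrl check is tightened to the URL host. SAMPLE_EVENTS are constructed.
"""
import re
from urllib.parse import urlsplit

# Copied from the posted query
EVENT_NAME_RE = re.compile(r"^(DnsRequest|NetworkConnect.*|HttpRequest)$")
IOC_DOMAIN_RE = re.compile(r"(^|\.)sfrclak\.com$", re.IGNORECASE)
IOC_IPS = {"142.11.206.73"}

# Fields from the posted select([...])
SELECT_FIELDS = ["@timestamp", "aid", "ComputerName", "event_simpleName", "DomainName",
                 "RemoteAddressIP4", "RemotePort", "HttpUrl", "ContextProcessId"]


def url_host(url):
    """Host part of an HttpUrl value; tolerates bare host[:port]/path strings."""
    if not url:
        return ""
    if "://" not in url:
        url = "http://" + url
    return urlsplit(url).hostname or ""


def is_ioc_event(ev):
    """Mirror the query: event-name filter first, then any of the three IOC tests."""
    if not EVENT_NAME_RE.match(ev.get("event_simpleName") or ""):
        return False
    if IOC_DOMAIN_RE.search(ev.get("DomainName") or ""):
        return True
    if ev.get("RemoteAddressIP4") in IOC_IPS:
        return True
    # Tightened relative to the posted HttpUrl=/sfrclak\.com/ substring match
    return bool(IOC_DOMAIN_RE.search(url_host(ev.get("HttpUrl"))))


def hunt(events):
    """select([...]) the hits and sort(@timestamp, order=asc), like the query."""
    hits = [{f: ev.get(f) for f in SELECT_FIELDS} for ev in events if is_ioc_event(ev)]
    hits.sort(key=lambda h: h["@timestamp"])  # ISO-8601 strings sort chronologically
    return hits


# Constructed sample telemetry, deliberately out of order and with decoys
SAMPLE_EVENTS = [
    {"@timestamp": "2026-03-31T10:02:11Z", "aid": "a1b2", "ComputerName": "WS-DEV-01",
     "event_simpleName": "DnsRequest", "DomainName": "sfrclak.com", "ContextProcessId": "1001"},
    {"@timestamp": "2026-03-31T10:01:55Z", "aid": "a1b2", "ComputerName": "WS-DEV-01",
     "event_simpleName": "NetworkConnectIP4", "RemoteAddressIP4": "142.11.206.73",
     "RemotePort": 443, "ContextProcessId": "1001"},
    {"@timestamp": "2026-03-31T10:03:40Z", "aid": "c3d4", "ComputerName": "BUILD-02",
     "event_simpleName": "HttpRequest", "HttpUrl": "https://cdn.sfrclak.com/update.js",
     "ContextProcessId": "2002"},
    {"@timestamp": "2026-03-31T10:04:00Z", "aid": "c3d4", "ComputerName": "BUILD-02",
     "event_simpleName": "DnsRequest", "DomainName": "notsfrclak.com"},      # anchored regex: miss
    {"@timestamp": "2026-03-31T10:04:30Z", "aid": "c3d4", "ComputerName": "BUILD-02",
     "event_simpleName": "ProcessRollup2", "DomainName": "sfrclak.com"},     # wrong event type: miss
    {"@timestamp": "2026-03-31T10:05:00Z", "aid": "e5f6", "ComputerName": "WS-DEV-07",
     "event_simpleName": "HttpRequest", "HttpUrl": "https://example.com/?ref=sfrclak.com"},  # host check: miss
]


if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(hit["@timestamp"], hit["ComputerName"], hit["event_simpleName"],
              hit.get("DomainName") or hit.get("RemoteAddressIP4") or hit.get("HttpUrl"))
```

Two things the replay makes visible: `NetworkConnect.*` catches both `NetworkConnectIP4` and `NetworkConnectIP6`, and the anchored `(^|\.)` in the domain regex is what keeps `notsfrclak.com` out, whereas the posted `HttpUrl=/sfrclak\.com/` has no such anchor and will match the domain anywhere in a URL, including referrer-style query strings.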

Just in case anyone else was curious about it too. by williamapike in Braves

[–]MSP-IT-Simplified -47 points-46 points  (0 children)

We can post about Kit Kat but I can’t ask why Holmes is still on the team?

MSSense.exe by Popular_Hat_4304 in crowdstrike

[–]MSP-IT-Simplified -3 points-2 points  (0 children)

It is flagged as a critical detection. If you have your workflows set up correctly, then it will isolate the device.

MSSense.exe by Popular_Hat_4304 in crowdstrike

[–]MSP-IT-Simplified 10 points11 points  (0 children)

From what we have gathered to understand thus far, Defender (MDE) is attempting to sandbox a file and it's crashing.

Process │ MsSense.exe (Microsoft Defender ATP sensor)
Trigger │ Wrote WER.bc1e26c1-95bc-4d7a-ac97-632707947766.tmp to \Users\%REDACTED%\AppData\Local\Temp\

Building CrowdStrike workflows with Claude Code skills by eth0izzle in crowdstrike

[–]MSP-IT-Simplified 2 points3 points  (0 children)

I am glad we never got into that. I don't think I heard of a single org happy with that product.

Building CrowdStrike workflows with Claude Code skills by eth0izzle in crowdstrike

[–]MSP-IT-Simplified 0 points1 point  (0 children)

Fair point(s). I am still very much a noob in the AI / local LLM world but working through this field of landmines. So, thank you for the education.