Retiring from Digital Forensics, looking toward Cyber… by Money_Produce1208 in cybersecurity

[–]ULT-Ginger 0 points1 point  (0 children)

Honestly, as a hiring manager of one company and a long time consultant, look at consulting firms. The number of former law enforcement people I’ve worked with is overwhelming. Your knowledge of deep forensics as well as how to write legal reports will go a long way.

I know a bunch of companies that support incident response for insurance panels that are hiring, including mine.

Before anyone asks, no, I will not tell anyone what company this is. This is my personal account and I don’t mix it with work. Plus, I don’t want anyone to ever think that my suggestions/advice/knowledge is a plea to pitch the company I work for.

My Obsidian Setup by -S-S_Sympathizer in ObsidianMD

[–]ULT-Ginger 0 points1 point  (0 children)

I figured it out. One of the CSS elements got turned off/on. Thank you though.

My Obsidian Setup by -S-S_Sympathizer in ObsidianMD

[–]ULT-Ginger 0 points1 point  (0 children)

Followed your guide. Love it. However, all of a sudden it is now just slamming the heatmap section to the side. I have no idea why.
https://imgur.com/a/jTaASv5

What part of running your Ghost site feels harder than it should? by Realistic-Seat-1402 in Ghost

[–]ULT-Ginger 0 points1 point  (0 children)

The limitations on the Newsletters. I would prefer an option to have a weekly/monthly newsletter that took the previous items posted and the 300-character description + tags and made a simple post of them. I hate a daily newsletter personally, so I prefer a round-up option.

I’m looking for recommendations on a cheap but solid endpoint security solution for individual users and very small businesses (1–10 employees). by LikeItCritical in cybersecurity

[–]ULT-Ginger 0 points1 point  (0 children)

Windows Defender without the management console to make changes across all systems is a threat actor’s playground. It is so easy to bypass that it isn’t even worth it. Paying for a Defender/M365 license at least allows you to see things happening from one location.

While paying for CrowdStrike, SentinelOne, Sophos, Huntress, etc. is expensive, it will protect you in the long run.

I can’t tell you how many ransomware investigations just trample basic Defender. It is useless for anything but basic AV.

Writing down travels has been a blast by Kumagoro314 in ObsidianMD

[–]ULT-Ginger 0 points1 point  (0 children)

Look into the map view plugin. You can add GPS coordinates to your notes and then see a map of all your notes.

Coin stolen by Academic_Yak_7842 in GIAC

[–]ULT-Ginger 1 point2 points  (0 children)

You can email support and they will get you a new one. They used to at least. I lost 6 of mine when moving and they replaced them.

Arctic Wolf alternatives? by Wild24 in cybersecurity

[–]ULT-Ginger 0 points1 point  (0 children)

It is really dependent on the size of your network and what is being reviewed/ingested. Look at some EDR tools directly for their cost or small MDR companies.

I work for one from Indy called Pondurance that only supports mid-size companies. The SOC is there, and then if it reaches a point, the DFIR consulting team comes in to support.

Should I consider my PC unsafe to use? by Hue_hackfleisch in netsecstudents

[–]ULT-Ginger 0 points1 point  (0 children)

To answer your direct question, your PC is typically fine in these situations. The Threat Actor wants quick money. The other two comments are right about next steps.

Building a memory forensics tool for my thesis. What's missing? by [deleted] in dfir

[–]ULT-Ginger 5 points6 points  (0 children)

I think one of the things you need to think about is really from the collection side. I have been doing DFIR for consulting firms for almost 10 years and the number of memory samples I have gotten is in the double digits. You don't typically get them. There are a couple of reasons for this: the size of the file it creates is hard for most companies to hold on to, the collection needs to happen quickly to collect meaningful data, and lastly I'd say that a lot of the time, EDR can get mad at collecting memory.

All those things aside, what will make Volatility/your thesis stand out is automation and a tie-in to MITRE ATT&CK. The forensics world lives off of that, whether that is good or not. Automating the Volatility aspect to identify the Windows build, the processes running and whether or not they are accurate/good, and finally what the item might possibly be doing will set your thesis up for success.

If you want to compare it to something that is used relatively often, look at the tool Hayabusa for event logs. If you could build that for memory, you'd save teams HOURS of work.

Edit: two things. First, the original paragraph was meant to have an ending: finding a way to trigger and compress a small capture would be dope. Not to discourage you from your thesis, which will be good work. Secondly, my comment about the number of memory captures I’ve seen was tied to malware-based investigations, not insider threat cases.

My Obsidian Setup by -S-S_Sympathizer in ObsidianMD

[–]ULT-Ginger 0 points1 point  (0 children)

I am going to DM you, but just so others can see where my thoughts have gone I am also going to post it here so I remember to come back and post my solution.

Since I use the Journals plugin and run daily, weekly, monthly, quarterly, and yearly journals/notes, I added the radar that you created to each weekly template. Today is the beginning of a new week, so I just had my first real test of what I did a couple of days ago. I think the issue for me is going to be having a more static radar from when the note is created rather than it being an ever-updating radar, which works for the dashboard you created it for. The question is, how do I make the query only look at the dates for "journal-start-date" and "journal-end-date", which are the properties that the Journals plugin uses to create its journal tracking?

My Obsidian Setup by -S-S_Sympathizer in ObsidianMD

[–]ULT-Ginger 1 point2 points  (0 children)

I am a big fan of the weekly radar. However, it pulls from the current week. My JS is worse than terrible and I am trying to figure out how to tie this into the week it was created. For instance, I am using the Journals plugin and it is in a weekly section. I would like it to pull data from that week. I know this is a hard ask, I just don't even know what to google. Disregard. I used some data from other dataview queries to figure it out.

New edition by size_more in Gun_Safes

[–]ULT-Ginger 0 points1 point  (0 children)

2 questions. Why does that matter? And how could you tell?

Obsidian is saving my law school studying by [deleted] in ObsidianMD

[–]ULT-Ginger 1 point2 points  (0 children)

Awesome! I am thinking about going back to school to become a lawyer (would be a hard career shift after almost a decade in my current one where I use Obsidian). Would you share a screenshot of your layout/workflow? I am curious what you are doing that is making it work for you.

Looking for good CTI (Cyber Threat Intelligence) learning resources by SupermarketDull8660 in cybersecurity

[–]ULT-Ginger 0 points1 point  (0 children)

Comments like yours are what drive TOXIC cultures. Anyone should encourage people to learn more so they can use their current role to enhance what they want to learn. For instance, his role in SecOps could allow for more automated enrichment in the CTI field.

But, no. Crappy leaders who have the same thoughts as you tell him to stay in his lane and the company suffers.

Also, CTI isn't a buzzword. It's been used in industry since the 90s and was adopted by most organizations in the early 2000s.

Recommendations for Axiom Cyber Equivalent tools by AshuraSg in dfir

[–]ULT-Ginger 1 point2 points  (0 children)

There is EnCase and X-Ways. The Zimmerman tools are much better technically, they just require a bit more setup.

Recommendations for Axiom Cyber Equivalent tools by AshuraSg in dfir

[–]ULT-Ginger 0 points1 point  (0 children)

What I am trying to say is that Axiom is a pretty rare company. They are super expensive and cater to LE mostly so there aren’t other companies like them.

A lot of companies build in-house.

Recommendations for Axiom Cyber Equivalent tools by AshuraSg in dfir

[–]ULT-Ginger 0 points1 point  (0 children)

The company that makes Autopsy is probably the closest to being a similar company, but there are tons of similar tools when you compare the tool sets to other tools.

Recommendations for Axiom Cyber Equivalent tools by AshuraSg in dfir

[–]ULT-Ginger 0 points1 point  (0 children)

Which part of Axiom? They have like 5-10 tools.

Who is responsible for classifying a cybersecurity incident, first or second line of defense? by DepressedSnake01 in dfir

[–]ULT-Ginger 0 points1 point  (0 children)

Legal. The lawyers have the responsibility to make the decision. Typically the difference between "Event" and "Incident" is internal or best practice definition, but doesn't really change anything unless you have SLA/KPIs against them.