Comic Strips

12440 readers

3469 users here now

Comic Strips is a community for those who love comic stories.

The rules are simple:

The post can be a single image, an image gallery, or a link to a specific comic hosted on another site (the author's website, for instance).
The comic must be a complete story.
If it is an external link, it must be to a specific story, not to the root of the site.
You may post comics from others or your own.
If you are posting a comic of your own, a maximum of one per week is allowed (I know, your comics are great, but this rule helps avoid spam).
The comic can be in any language, but if it's not in English, OP must include an English translation in the post's 'body' field (note: you don't need to select a specific language when posting a comic).
Politeness.
Adult content is not allowed. This community aims to be fun for people of all ages.

Web of links

[email protected]: "I use Arch btw"
[email protected]: memes (you don't say!)

founded 1 year ago

MODERATORS

[email protected]

1286

I'm in! (lemmy.world)

submitted 6 months ago by [email protected] to c/[email protected]

79 comments fedilink hide all child comments

Via Extra Fabulous Comics

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 15 points 6 months ago (1 children)

quarantine his PC

You mean shut it off and steal and the Ethernet cable? Lol

[–] [email protected] 11 points 6 months ago (1 children)

You DONT want to turn it off. Digital forensics work WAAAAAAY better if you have a memory dump of the system. And all the memory is lost if you turn it off. Even if the virus ran 10h ago and the program has long stoped running, there will most likely still be traces in the RAM. Like a hard drive, simply deleting something in RAM doesn't mean it is gone. As long as that specific area was not written over later it will still hold the same contenta. You can sometimes find memory that belonged to a virus days or even weeks after the infection if the system was never shut down. There is so much information in ram that is lost when the power is turned off.

You want to 1: quarantine from network (don't pull the cable at the system, but firewall it at the switch if possible) 2: take a full copy of the RAM 2.5: read out bitlocker keys if the drive is encrypted. 3: turn off and take a bitwise copy of the hard drive or just send the drive + memory dump to the forensics team. 4: get coffee

[–] [email protected] 7 points 6 months ago (1 children)

Why would you be doing digital forensics?

[–] [email protected] 13 points 6 months ago (1 children)

To find out if nuking that one workstation is enough or if you have to take more drastic measures.

[–] [email protected] 4 points 6 months ago (2 children)

I feel like most companies wouldn't bother with all that. They'd probably just nuke the workstation and call it a day.

[–] [email protected] 7 points 6 months ago (1 children)

And then get ransomwared a bit later.

[–] [email protected] 4 points 6 months ago

Oh yeah probably

[–] [email protected] 2 points 6 months ago

Yeah no. You gotta do due diligence. Getting one system compromised isn't enough. The whole point is to pivot, elevate, repeat.