#Disk Forensics
Safeguarding Digital Evidence: Best Practices in Disk Forensics for Indian Organizations
Protecting digital evidence has become crucial in the current digital era, as data breaches and cybercrimes are becoming more common. Digital forensics, or disc forensics, is a field vital to the investigation of frauds, cybercrimes, and.. #cyberforensic
Kickstarting a new Martin Hench novel about the dawn of enshittification
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
https://pluralistic.net/2025/01/07/weird-pcs/#a-mormon-bishop-an-orthodox-rabbi-and-a-catholic-priest-walk-into-a-personal-computing-revolution
Picks and Shovels is a new, standalone technothriller starring Marty Hench, my two-fisted, hard-fighting, tech-scam-busting forensic accountant. You can pre-order it on my latest Kickstarter, which features a brilliant audiobook read by @wilwheaton:
http://martinhench.com
This is the third Hench novel, following on from the nationally bestselling The Bezzle (2024) and Red Team Blues (2023). I wrote Red Team Blues with a funny conceit: what if I wrote the final volume of a beloved, long-running series, without writing the rest of the series? Turns out, the answer is: "Your editor will buy a whole bunch more books in the series!"
My solution to this happy conundrum? Write the Hench books out of chronological order. After all, Marty Hench is a financial hacker who's been in Silicon Valley since the days of the first PCs, so he's been there for all the weird scams tech bros have dreamed up since Jobs and Woz were laboring in their garage over the Apple I. He's the Zelig of high-tech fraud! Look hard at any computing-related scandal and you'll find Marty Hench in the picture, quietly and competently unraveling the scheme, dodging lawsuits and bullets with equal aplomb.
Which brings me to Picks and Shovels. In this volume, we travel back to Marty's first job, in the 1980s – the weird and heroic era of the PC. Marty ended up in the Bay Area after he flunked out of an MIT computer science degree (he was too busy programming computers to do his classwork), and earning his CPA at a community college.
Silicon Valley in the early eighties was wild: Reaganomics stalked the land, the AIDS crisis was in full swing, the Dead Kennedys played every weekend, and man were the PCs ever weird. This was before the industry crystalized into Mac vs PC, back when no one knew what they were supposed to look like, who was supposed to use them, and what they were for.
Marty's first job is working for one of the weirder companies: Fidelity Computing. They sound like a joke: a computer company run by a Mormon bishop, a Catholic priest and an orthodox rabbi. But the joke's on their customers, because Fidelity Computing is a scam: a pyramid sales cult that exploits religious affinities to sell junk PCs that are designed to lock customers in and squeeze them for every dime. A Fidelity printer only works with Fidelity printer paper (they've gimmicked the sprockets on the tractor-feed). A Fidelity floppy drive only accepts Fidelity floppies (every disk is sold with a single, scratched-out sector and the drives check for an error on that sector every time they run).
Marty figures out he's working for the bad guys when they ask him to destroy Computing Freedom, a scrappy rival startup founded by three women who've escaped from Fidelity Computing's cult: a queer orthodox woman who's been kicked out of her family; a radical nun who's thrown in with the Liberation Theology movement in opposing America's Dirty Wars; and a Mormon woman who's quit the church in disgust at its opposition to the Equal Rights Amendment. The women of Computing Freedom have a (ahem) holy mission: to free every Fidelity customer from the prison they were lured into.
Marty may be young and inexperienced, but he can spot a rebel alliance from a light year away and he knows what side he wants to be on. He joins the women in their mission, and we're deep into a computing war that quickly turns into a shooting war. Turns out the Reverend Sirs of Fidelity Computer aren't just scammers – they're mobbed up, and willing to turn to lethal violence to defend their racket.
This is a rollicking crime thriller, a science fiction novel about the dawn of the computing revolution. It's an archaeological expedition to uncover the fossil record of the first emergence of enshittification, a phenomenon that was born with the PC and its evil twin, the Reagan Revolution.
The book comes out on Feb 15 in hardcover and ebook from Macmillan (US/Canada) and Bloomsbury (UK), but neither publisher is doing the audiobook. That's my department.
Why? Well, I love audiobooks, and I especially love the audiobooks for this series, because they're read by the incredible Wil Wheaton, hands down my favorite audiobook narrator. But that's not why I retain my audiobook rights and produce my own audiobooks. I do that because Amazon's Audible service refuses to carry any of my audiobooks.
Here's how that works: Audible is a division of Amazon, and they've illegally obtained a monopoly over the audiobook market, controlling more than 90% of audiobook sales in many genres. That means that if your book isn't for sale on Audible, it might as well not exist.
But Amazon won't let you sell your books on Audible unless you let them wrap those books in "digital rights management," a kind of encryption that locks them to Audible's authorized players. Under Section 1201 of the Digital Millennium Copyright Act, it's a felony punishable with a 5-year sentence and a $500k fine to supply you with a tool to remove an audiobook from Audible and play it on a rival app. That applies even if the person who gives you the tool is the creator of the book!
You read that right: if I make an audiobook and then give you the tools to move it out of Amazon's walled garden, I could go to prison for five years! That's a stiffer sentence than you'd face if you were to just pirate the audiobook. It's a harsher penalty than you'd get for shoplifting the book on CD from a truck-stop. It's more draconian than the penalty for hijacking the truck that delivers the CDs!
Amazon knows that every time you buy an audiobook from Audible, you increase the cost you'll have to pay if you switch to a competitor. They use that fact to give readers a worse deal (last year they tried out ads in audiobooks!). But the people who really suffer under this arrangement are the writers, whom Amazon abuses with abandon, knowing they can't afford to leave the service because their readers are locked into it. That's why Amazon felt they could get away with stealing $100 million from indie audiobook creators (and yup, they got away with it):
https://www.audiblegate.com/about
Which is why none of my books can be sold with DRM. And that means that Audible won't carry any of them.
For more than a decade, I've been making my own audiobooks, in partnership with the wonderful studio Skyboat Media and their brilliant director, Gabrielle de Cuir:
https://skyboatmedia.com/
I pay fantastic narrators a fair wage for their work, then I pay John Taylor Williams, the engineer who masters my podcasts, to edit the books and compose bed music for the intro and outro. Then I sell the books at every store in the world – except Audible and Apple, who both have mandatory DRM. Because fuck DRM.
Paying everyone a fair wage is expensive. It's worth it: the books are great. But even though my books are sold at many stores online, being frozen out of Audible means that the sales barely register.
That's why I do these Kickstarter campaigns, to pre-sell thousands of audiobooks in advance of the release. I've done six of these now, and each one was a huge success, inspiring others to strike out on their own, sometimes with spectacular results:
https://www.usatoday.com/story/entertainment/books/2022/04/01/brandon-sanderson-kickstarter-41-million-new-books/7243531001/
Today, I've launched the Kickstarter for Picks and Shovels. I'm selling the audiobook and ebook in DRM-form, without any "terms of service" or "license agreement." That means they're just like a print book: you buy them, you own them. You can read them on any equipment you choose to. You can sell them, give them away, or lend them to friends. Rather than making you submit to 20,000 words of insulting legalese, all I ask of you is that you don't violate copyright law. I trust you!
Speaking of print books: I'm also pre-selling the hardcover of Picks and Shovels and the paperbacks of The Bezzle and Red Team Blues, the other two Marty Hench books. I'll even sign and personalize them for you!
http://martinhench.com
I'm also offering five chances to commission your own Marty Hench story – pick your favorite high-tech finance scam from the past 40 years of tech history, and I'll have Marty bust it in a custom short story. Once the story is published, I'll make sure you get credit. Check out these two cool Little Brother stories my previous Kickstarter backers commissioned:
Spill
https://reactormag.com/spill-cory-doctorow/
Vigilant
https://reactormag.com/vigilant-cory-doctorow/
I'm heading out on tour this winter and spring with the book. I'll be in LA, San Francisco, San Diego, Burbank, Bloomington, Chicago, Richmond VA, Toronto, NYC, Boston, Austin, DC, Baltimore, Seattle, and other dates still being added. I've got an incredible roster of conversation partners lined up, too: John Hodgman, Charlie Jane Anders, Dan Savage, Ken Liu, Peter Sagal, Wil Wheaton, and others.
I hope you'll check out this book, and come out to see me on tour and say hi. Before I go, I want to leave you with some words of advance praise for Picks and Shovels:
I hugely enjoyed Picks and Shovels. Cory Doctorow’s reconstruction of the age is note perfect: the detail, the atmosphere, ethos, flavour and smell of the age is perfectly conveyed. I love Marty and Art and all the main characters. The hope and the thrill that marks the opening section. The superb way he tells the story of the rise of Silicon Valley (to use the lazy metonym), inserting the stories of Shockley, IBM vs US Government, the rise of MS – all without turning journalistic or preachy.
The seeds of enshittification are all there… even in the sunlight of that time the shadows are lengthening. AIDS of course, and the coming scum tide of VCs. In Orwellian terms, the pigs are already rising up on two feet and starting to wear trousers. All that hope, all those ideals…
I love too the thesis that San Francisco always has failed and always will fail her suitors.
Despite cultural entropy, enshittification, corruption, greed and all the betrayals there’s a core of hope and honour in the story too.
-Stephen Fry
Cory Doctorow writes as few authors do, with tech world savvy and real world moral clarity. A true storyteller for our times.
-John Scalzi
A crackling, page-turning tumble into an unexpected underworld of queer coders, Mission burritos, and hacker nuns. You will fall in love with the righteous underdogs of Computing Freedom—and feel right at home in the holy place Doctorow has built for them far from Silicon Valley’s grabby, greedy hands.
-Claire Evans, editor of Motherboard Future, author of Broad Band: The Untold Story of the Women Who Made the Internet.
"Wonderful…evokes the hacker spirit of the early personal computer era—and shows how the battle for software freedom is eternal."
-Steven Levy, author of Hackers: Heroes of the Computer Revolution and Facebook: The Inside Story.
What could be better than a Martin Hench thriller set in 1980s San Francisco that mixes punk rock romance with Lotus spreadsheets, dot matrix printers and religious orders? You'll eat this up – I sure did.
-Tim Wu, Special Assistant to the President for Technology and Competition Policy, author of The Master Switch: The Rise and Fall of Information Empires
Captures the look and feel of the PC era. Cory Doctorow draws a portrait of a Silicon Valley and San Francisco before the tech bros showed up — a startup world driven as much by open source ideals as venture capital gold.
-John Markoff, Pulitzer-winning tech columnist for the New York Times and author of What the Dormouse Said: How the Sixties Counterculture Shaped the Personal Computer Industry
You won't put this book down – it's too much fun. I was there when it all began. Doctorow's characters and their story are real.
-Dan'l Lewin, CEO and President of the Computer History Museum
#pluralistic#books#audiobooks#weird pcs#religion#pyramid schemes#cults#the eighties#punk#queer#san francisco#armistead maupin#novels#science fiction#technothrillers#crowdfunding#wil wheaton#amazon#drm#audible#monopolies#martin hench#marty hench#crime#thrillers#crime thrillers
https://datasanitization.in/
Data Sanitization involves the secure and permanent erasure of sensitive data from datasets and media to guarantee that no residual data can be recovered even through extensive forensic analysis.
#sanitization services in delhi #data sanitization services in delhi #data sanitization services in nehru place #disk sanitization #wise disk cleaner #disk sanitization services in delhi #hard drive sanitization #Onsite data sanitization services #mobile phone storage sanitization services #flash storage sanitization services #Digital Storage Sanitization services #san nas server sanitization services #ssd sanitization #ssd data recovery service
The BTK killer probably would have gotten away with it if he hadn't insisted on sending out communications, though there's also a chance that forensic genetic genealogy would have led to him eventually, as it did with the Golden State Killer.
He sent a message asking whether they could track him if he sent in a floppy disk, and they said "no". (Specifically, he had prearranged that they put an ad in the paper with the words "Rex, it will be OK," if the answer was no.)
The floppy that he sent in had a single file, "TestA.rtf", which had no identifying metadata, but when the disk was run through EnCase, a digital investigation software, it showed that there was another file which had been "deleted". It was still present on the disk because a floppy drive doesn't (by default) write over deleted files, it just unallocates the space. That file was an agenda for a meeting at a church, and the metadata said the user who saved it was "Dennis", so they Googled the church name, found that the church president was Dennis Rader, drove by his house and saw the same car they already had on grainy video, tested crime scene DNA against his daughter's medical records, and that was basically it. The time from him sending the floppy to getting arrested was ten days.
So the police lied to him. It helped them to catch him, but this is now enshrined in serial killer lore, and I have to imagine that any aspiring serial killer like BTK will have read this account. I wonder if there was ever any consideration of the balance here. I've read some accounts that they "tricked" him, but I don't think that this rises to the level of trick, it was just a lie, albeit one that he set himself up for.
Part of the strategy with BTK was to stroke his considerable ego, to say that he was interesting, to get him to communicate more, hoping that he would slip up. This, too, is part of serial killer lore, and understanding of how serial killers work and how the police will attempt to catch them.
But as time stretches into the future, it seems like these tactics can only work once if the criminals in question are even remotely attempting to evade capture. Doesn't the "meta" evolve? The police will simply lie to you, so you can't trust any information from them. Do the police think this understanding is a net good? I kind of think it's not, especially since it seems like it torpedoes the other strategy of rapport and trust building.
I don't think they were wrong to lie, necessarily, but it does seem like a trick that you can't use too many times, at least not on those who are doing even a smidgen of research.
New perspective on supermassive black holes
Some of the first data from an international space mission is confirming decades' worth of speculation about the galactic neighborhoods of supermassive black holes.
More exciting than the data, though, is the fact that the long-awaited satellite behind it—the X-Ray Imaging and Spectroscopy Mission or XRISM—is just getting started providing such unparalleled insights.
"We have found the right tool for developing an accurate picture of the unexplored orders of magnitude around supermassive black holes," Jon Miller, professor of astronomy at the University of Michigan, said of XRISM.
"We're beginning to see clues of what that environment really looks like."
The Japanese Aerospace Exploration Agency, or JAXA, which teamed up with NASA and the European Space Agency to create and launch XRISM, announced the new results, which were also published in The Astrophysical Journal Letters.
Miller was the lead author of that study. He and more than 100 co-authors from around the world investigated what's called an active galactic nucleus, which includes a supermassive black hole and its extreme surroundings.
To do this, they relied on XRISM's unparalleled ability to gather and measure spectra of X-rays emitted by cosmic phenomena.
"It is truly exciting that we are able to gather X-ray spectra with such unprecedented high resolution, particularly for the hottest plasmas in the universe," said Lia Corrales, U-M assistant professor of astronomy and a co-author of both XRISM publications.
"Spectra are so rich with information, we will surely be working to fully interpret the first datasets for many years to come."
Accretion disks with a twist
Space exploration enthusiasts may know that the Chandra X-ray Observatory—what NASA calls its flagship X-ray telescope—recently celebrated its 25th anniversary of operating in space.
What's less well known is that, over the past 25 years, an international cohort of scientists, engineers and space agency officials have been attempting to launch similarly sophisticated, but different X-ray missions.
The goal of these attempts was to provide high-quality, complementary data to better understand what Chandra and other telescopes were seeing. XRISM is now delivering that data.
With their data set, Miller, Corrales and their colleagues have solidified a hypothesis about structures called accretion disks near supermassive black holes in active galactic nuclei.
These disks can be thought of like vinyl records made of gas and other loose particles from a galaxy being spun by the spectacular gravity of the black holes at their centers. By studying accretion disks, researchers can better understand what's happening around the black hole and how it impacts the lifecycle of its host galaxy.
By probing the center of a galaxy called NGC 4151, more than 50 million light years away, the XRISM collaboration confirmed that the disk's shape isn't as simple as once thought.
"What we're seeing is that the record isn't flat. It has a twist or a warp," Miller said. "It also appears to get thicker toward the outside."
Although suggestions of this more complex geometry have emerged in other data over the past two and a half decades, the XRISM results are the strongest direct evidence for it.
"We had hints," Miller said. "But somebody in forensics would say that we couldn't have convicted anyone with what we had."
The team also found that the accretion disk appears to be losing a lot of its gas. Again, scientists have theories about what happens to this material, but Miller said XRISM will enable researchers to find more definitive answers.
"It has been very hard to say what the fate of that gas is," he said. "Actually finding the direct evidence is the hard work that XRISM can do."
And XRISM isn't just allowing researchers to think about existing theories in new ways. It's enabling them to investigate parts of space that were invisible to them before.
The missing link
For all the talk of their gravitational pull being so strong that not even light can escape it, black holes are still responsible for creating a whole lot of electromagnetic radiation that we can detect.
For instance, the Event Horizon Telescope—a network of instruments on Earth sensitive to radiation emitted as radio waves—has enabled astronomers to zoom in and see the very edge of two different black holes.
There are other instruments on Earth and in space that detect different bands of radiation, including X-rays and infrared light, to provide larger, galaxy-scale views of the environs of black holes.
But scientists have lacked high-resolution tools to determine what was going on between those two scales, from right next to the black hole up to the size of its host galaxy. And that space between is where accretion disks and other interesting celestial structures exist.
If you were to divide the scale of the zoomed-out view of a black hole by that of its close-up, you'd get a number close to 100,000. To a physicist, each zero is an order of magnitude, meaning the gap in coverage spanned five orders of magnitude.
"When it comes to understanding how gas gets into a black hole, how some of that gas is lost and how the black hole impacts its host galaxy, it's those orders of magnitude that really matter," Miller said.
XRISM now gives researchers access to those scales by looking for X-rays emitted by iron around black holes and relying on the "S" in its acronym: spectroscopy.
Rather than using X-ray light to construct an image, XRISM's spectroscopy instrument detects the energy of individual X-rays, or photons. Researchers can then see how many photons were detected with a particular energy across a range, or spectrum, of energies.
By collecting, studying and comparing spectra from different parts of the regions near a black hole, researchers are able to learn more about the processes afoot.
"We joke that spectra put the 'physics' in 'astrophysics,'" Miller said.
Although there are other operational X-ray spectroscopy tools, XRISM's is the most advanced and relies on a microcalorimeter, dubbed "Resolve." This turns the incident X-ray energy into heat rather than, say, a more conventional electrical signal.
"Resolve is allowing us to characterize the multi-structured and multi-temperature environment of supermassive black holes in a way that was not possible before," Corrales said.
XRISM provides researchers with 10 times better energy resolution compared with what they've had before, Miller said. Scientists have been waiting for an instrument like this for 25 years, but it hasn't been for a lack of trying.
If at first you don't succeed
Years before its 1999 launch, Chandra was initially conceived of as the Advanced X-Ray Astrophysics Facility, a single mission that would fly with state-of-the-art technology for both X-ray imaging and spectroscopy.
That, however, proved to be too expensive, so it was divided into the Chandra telescope and a spectroscopy mission called Astro-E, whose development was led by JAXA. Unfortunately, Astro-E was lost during its launch in February 2000.
JAXA, NASA and the European Space Agency all realized how important the tool was, Miller said, and worked together to essentially refly the Astro-E mission roughly five years later. This time, however, the mission was called Suzaku, named after a phoenix-like mythical bird.
"Suzaku made it into orbit, but its cryogenic system had a leak, so all its coolant leaked into space. Its prime scientific instrument never took actual data," Miller said. "There was a different camera on board for X-rays, though, and it did really nice work for about 10 years."
Within months of sunsetting Suzaku, the space agencies launched a third mission to provide the X-ray spectroscopy that the community was seeking. The mission took off as Astro-H in February 2016 and was renamed Hitomi after it entered orbit and deployed its solar panels.
Miller had traveled to Florida for a meeting about Hitomi right around the time disaster struck the mission. A maneuvering error sent Hitomi into an uncontrollable spin.
"It spun so fast that the solar panels flew off," Miller said.
Less than 40 days after the launch, the space agencies lost contact with Hitomi.
"You could actually go out on the beach in Florida at night and watch it tumble across the sky," Miller said. "It flickered in a very unique way."
Before it ended, the Hitomi mission did manage to take what Miller quantified as one and a half scientific observations. That was enough to transform how researchers thought about galaxy clusters, which contain hundreds or thousands of galaxies, he said.
So it's fair to say that a lot was riding on XRISM when it launched in September 2023. Based on early returns, it sounds like XRISM is equipped to deliver. Miller and a handful of his global colleagues were among the first to see the data that would lead to their new report.
"It was very late in Japan, an odd time in Europe and we were all on Zoom. All of us had trouble finding the words," Miller said. "It was breathtaking."
Miller's original doctoral thesis project was meant to study data from the Astro-E mission, so he's been invested in this work for more than half his life and virtually his entire science career.
During that time, Hitomi and more successful missions like Chandra have been providing data that have enabled him and others in the field to further our understanding of the cosmos. But the researchers also knew they'd need something like the X-ray calorimeter on board XRISM to make the leaps they've been hungry for.
"It's been difficult at many points, but we kept getting hints about what might be possible," Miller said. "It's almost impossible to replicate these environments in earthbound experiments and we've been wanting to know a lot of the details of how they really work. I think we're finally going to make some progress on that."
TOP IMAGE: An artist's rendering of what's called an active galactic nucleus at the center of NGC 4151. The galaxy's black hole sits at the center, immediately surrounded by an accretion disk shown in blue. Credit JAXA
CENTRE IMAGE: A schematic shows how the XRISM mission can take spectra from different parts of an active galactic nucleus: the thin, hot accretion disk; an intermediate zone called the broad-line region; and a cooler, more diffuse torus. Credit JAXA
LOWER IMAGE: XRISM has shown that the accretion disk surrounding a black hole in an active galactic nucleus is warped, confirming earlier hypotheses reflected in this artist’s conception from 2015. Image credit: International Center for Radio Astronomy Research
From the beginning | Previously | Coin standings | 37 | 26
It strikes you that a place like t𝚑is is ideal for A PRO'S PORCINE GOATEE CORPORATE ESPIONAGE. If you'r𝖾 in a backup version of realit𝘺 with no people in it, all the workstations currently being used in reality should be 𝚞𝚗locked in this RAID disk. Which means... if you can figure out how to interpret some sort of medieval torture rack-type t𝗁ingy as a computer, you c𝚘uld read some of the Design Center's secret fi𝚕es! And you've got those DEVELOPER TOOLS, which might just be what ÿou neeđ for the job.
You jab α spiky box with a needle, and by magicks arcane, you gain access to the computer's filesystem. ሃou find the following files immediately, alongside a "com" that you'ʀe not sure wh𝚊t to 𝘥o with:
OUR_SPORTBALL_RECIPIENT, probably about wh𝚒ch sports te𝒂m the Ninelite Design Ce𝗇ter intends to sign a sponsorship deal with for the upcoming BARED ORDEAL.
QATAR:_A_FORENSIC_PERIOD, probably abou𝔱... uh, some sort of law-enforcement trend that ɦad to do with making a lot of use of forensics. In some country you've never heard of before.
REDISCOVER_ANXIETY_RUNE, probably aboutaplan to find and ωeaponize the long-lost Anxiety Rune that can psychologically destroy whoever reads it.
SPAM_CREATOR_GUESSERS, probably about the office's attempts to guess who exactly has been creating all the spam that's been filling up their inboxes. They'll nail the jer𝗄, no doubt.
Unfortunately, as soon as you connect to this filesyste𝚖, another alarm starts blaring! You've g𝚘t to get out of here before you're cornered by security!
Unless you really wan𝚝 to push your luck, you've only got time to decrypt and read one of these four files. Wḧat'll it be?
Continued | 37 | 25
#lost in hearts#the unicode letters are way more subtle this time#i wonder if anyone's going to get the full text right without missing any#might need to use some Tricks™
I am always up for eldritch bats, tell me more
Hey, thanks for asking! Technically the concept goes, Bruce modifies himself -> it alters him in unexpected ways and brings him more in tune with the city.
Here's a snippet from the start of it:
Mission report.
Bruce blinked past his concussion, laboriously typing up the events of the night, each finger aching as it moved on the keyboard. Bruce could feel scabs breaking off under the gloves, new blood binding the kevlar composite into his hands.
Recently he'd realized that the reports needed to be started early, because he was prone to forgetting otherwise.
His fractured hand moved clumsily over the keys, punching in letters describing the crime scene, his impressions, the evidence forensics had found. He frowned, struggling to recall exact numbers and deciding he could check footage later if needed.
This was just a way to get his initial thoughts down, account for the limitations in the lenses.
When the report was done, Bruce listed back against his chair, letting the chair support his back. A pressure headache tugged at his skull and Bruce knew he'd have to deal with the new spinal leak soon, but right now he didn't bother to move, the darkness of the Cave making the pain echo even more sharply through his bones and teeth.
If he wanted to, Bruce could get up right now. He'd mastered every aspect of his body. Made torn muscles work, walked on broken bones.
But the damage was particularly hard to ignore tonight.
He’d long since stopped updating his own medical files, but he ran through an accounting of the present damage. Concussion, his second this week. Hand fracture, foot fracture, worsening labral tear in his hip. His injured jaw could barely move. He had a herniated disk, severe bruising.
Being your forensics girl pt.1
HOW THEY GET AWAY W IT
-
Education purposes only.
There’s no for sure way of them successfully getting away but here’s some things that don’t work
1. Burying an animal on top to cover the scent
This won’t work since k9 are trained to smell the difference between human and animal
2. Planting endangered plants on top
Police will be able to search via warrant or simply digging around the plant
-
If the person wants to throw off pathologists they could try preserve the body via Freezing but not all the time that works. Pathologists can still determine most exterior causes and most interior. But determining the time is hard, time of deth isn’t exact and in these cases since the body is frozen most postmortem symptoms don’t show.
-
Another thing, the person is most likely to get caught unless there is no witnesses no dna and have no connection to the person.
But no dna is very hard unless you are a genius and even the smartest get lazy and get caught. How they try not to get dna in the scene is with gloves, different size shoes, hair nets, making sure the person did not scratch them since the dna is under their nails, no sea men, no spit or bite marks
FYI bite marks don’t always prove it
-
On the psychological side they have to be careful and NEVER make a mistake. One way it happened is with floppy disks (what dumbahh) or by getting too c0cky
-
As always pls kindly correct me on anything
Ok byeeee
-Vivi
4 notes
Text
Best Data Recovery Malaysia
The Superiority of SSD over HDD
When considering upgrading to a new SSD, it's important to understand the numerous advantages they offer over traditional HDDs. SSDs provide significantly faster data transfer rates, resulting in improved overall system responsiveness. Additionally, their lower power consumption leads to extended battery life, making them ideal for laptops. The absence of moving parts in SSDs not only increases durability but also ensures silent operation, unlike HDDs which produce mechanical noise during data access.
Furthermore, SSDs are lighter and more portable, making them a perfect choice for users on the move. These superior attributes position the new SSD as the preferred storage solution for modern computer systems.
Benefits of Switching to SSD
Switching to an SSD brings about enhanced system performance, minimizing waiting time for device usage and enabling smoother multitasking. Additionally, SSDs contribute to overall system cooling by generating less heat and result in faster software installations and updates, saving valuable time for users. With seamless data access, system lag is reduced, enhancing user productivity. The use of new SSDs and disk cloning software such as Macrium Reflect, Clonezilla, and MiniTool Partition Wizard is crucial for a successful transition from the old drive to the new one. Overall, the benefits of transitioning to SSD, whether for a new computer or upgrading an old one, are substantial and can significantly improve the overall user experience.
Pre-Cloning Steps: Getting Ready for the Process
Before initiating the cloning process, safeguard vital data to prevent loss. Check if the new SSD has the required space for data accommodation. Prioritize creating a backup of existing data to mitigate any potential loss during cloning. To expedite the cloning duration and streamline data management, clear disk space on the source HDD. Ensure the source HDD functions optimally to prevent cloning corrupted data.
Choosing the Suitable Disk Cloning Software
When selecting disk cloning software, finding a reliable and user-friendly solution is essential. Ensuring compatibility with both source and target disks is crucial for a seamless cloning process. Look for additional features such as disk partition management and a detailed guide for enhanced control and user assistance. The right software can make the transition to a new SSD, like the Samsung SSD, a smooth experience. Make sure to consider popular options like Macrium Reflect and MiniTool Partition Wizard, ensuring that the chosen software meets your specific needs and provides the necessary support for your cloning process.
#data recovery malaysia#data recovery#datarecoverymalaysia#datarecovery#data recovery center#datarecoveryservices#hard disk repair malaysia#recovery#data#malaysia
2 notes
Text
[Media] macOS (and iOS) Artifact Parsing Tool
macOS (and iOS) Artifact Parsing Tool A DFIR (Digital Forensics and Incident Response) tool to process Mac computer full disk images (or live machines) and extract data/metadata useful for forensic investigation. It is a python based framework, which has plugins to process individual artifacts (such as Safari internet history, Network interfaces, Recently accessed files & volumes, ..) https://github.com/ydkhatri/mac_apt #cybersecurity #infosec #forensic
2 notes
Text
Smart Data Recovery Kuala Lumpur
Data Recovery Kl
3 notes
Text
Best Hard Drive Recovery Provider
Data loss events often happen with no warning and can cripple your computer. In some cases, they can result in serious negative impacts to your business or organization. A data recovery service is a service that specializes in the recovery of lost or corrupted data. It is performed by salvaging data from failed, damaged or corrupted storage devices. A hard drive recovery service may use a variety of methods in an attempt to recover the lost data. Our examiners use forensic-grade tools to find admissible digital evidence on all types of storage devices. Trust the pros to repair your damaged database or restore deleted files. Our labs have soldering stations to repair damage and retrieve stored data. In some cases, data recovery software can help you get your data back even if you didn't prepare ahead of time - Hard Disk Data Recovery.
Only a handful of other data recovery services have a similar wealth of experience as, but that’s just one of many reasons why we consider it to be the best data recovery company out there. Contrary to what many people believe, professional data recovery services are within the budget of most people, not just large enterprises. The trick is finding one that delivers excellent recovery results while charging a fair price. When using a hard drive data recovery service you will need to send the storage device to the service where they will perform the recovery in a clean environment using dedicated equipment - Best Data Recovery.
The company provides solutions for individuals, teams, and businesses facing the challenge of lost or corrupted files. Choosing a service that additionally offers recoveries from RAID arrays, file server drives, tablets, cameras, flash drives, and SD cards means you have more recovery options and, consequently, more data restored. Cleanrooms are important, and a data recovery service that operates them on-site makes the whole process less stressful on your hardware. Transportation from one location to another is greatly reduced and services like these have all the necessary tools to make a variety of fixes. For more information, please visit our site https://www.nowdatarecovery.com/
0 notes
Text
Chapter One of “Picks and Shovels” (Part 1)
Picks and Shovels is a new, standalone technothriller starring Marty Hench, my two-fisted, hard-fighting, tech-scam-busting forensic accountant. You can pre-order it on my latest Kickstarter, which features a brilliant audiobook read by Wil Wheaton.
My next novel is Picks and Shovels, out next month. It tells the origin story of Martin Hench, my hard-charging, scambusting, high-tech forensic accountant, in a 1980s battle over the soul of a PC company:
https://us.macmillan.com/books/9781250865908/picksandshovels
I'm currently running a Kickstarter to pre-sell the book in every format: hardcover, DRM-free ebook, and an independently produced, fabulous DRM-free audiobook read by Wil Wheaton, who just nailed the delivery:
https://www.kickstarter.com/projects/doctorow/picks-and-shovels-marty-hench-at-the-dawn-of-enshittification
Picks and Shovels opens with a long prologue that recounts Marty's misadventures as a failing computer science student at MIT, his love-affair with computers, and his first disastrous startup venture. It ends with him decamping to Silicon Valley with his roommate Art, a brilliant programmer, to seek their fortune.
Chapter one opens with Marty's first job, working for a weird PC company (there were so many weird PC companies back then!). I've posted Wil's audio reading of chapter one as a teaser for the Kickstarter:
https://www.youtube.com/watch?v=IGXz1mkAd2Q
(Here it is as an MP3 at the Internet Archive:)
https://ia600607.us.archive.org/5/items/picks-and-shovels-promo/audio.mp3
The audio is great, but I thought I'd also serialize the text of Chapter One here, in five or six chunks. If you enjoy this and want to pre-order the book, please consider backing the Kickstarter:
https://www.kickstarter.com/projects/doctorow/picks-and-shovels-marty-hench-at-the-dawn-of-enshittification
Chapter One
Fidelity Computing was the most colorful PC company in Silicon Valley.
A Catholic priest, a Mormon bishop, and an Orthodox rabbi walk into a technology gold rush and start a computer company. The fact that it sounded like the setup for a nerdy joke about the mid-1980s was fantastic for their bottom line. Everyone who heard their story loved it.
As juicy as the story of Fidelity Computing was, they flew under most people’s radar for years, even as they built a wildly profitable technology empire through direct sales through faith groups. The first time most of us heard of them was in 1983, when Byte ran its cover story on Fidelity Computing, unearthing a parallel universe of technology that had grown up while no one was looking.
At first, I thought maybe they were doing something similar to Apple’s new Macintosh: like Apple, they made PCs (the Wise PC), an operating system (Wise DOS), and a whole line of monitors, disk drives, printers, and software.
Like the Mac, none of these things worked with anything else—you needed to buy everything from floppy disks to printer cables specially from them, because nothing anyone else made would work with their system.
And like the Mac, they sold mostly through word of mouth. The big difference was that Mac users were proud to call themselves a cult, while Fidelity Computing’s customers were literally a religion.
Long after Fidelity had been called to the Great Beyond, its most loyal customers gave it an afterlife, nursing their computers along, until the parts and supplies ran out. They’d have kept going even then, if there’d been any way to unlock their machines and use the same stuff the rest of the computing world relied on. But that wasn’t something Fidelity Computing would permit, even from beyond the grave.
I was summoned to Fidelity headquarters—in unfashionable Colma, far from the white-hot start-ups of Palo Alto, Mountain View, and, of course, Cupertino—by a friend of Art’s. Art had a lot more friends than me. I was a skipping stone, working as the part-time bookkeeper/accountant/CFO for half a dozen companies and never spending more than one or two days in the same office.
Art was hardly more stable than me—he switched start-ups all the time, working for as little as two months (and never for more than a year) before moving on. His bosses knew what they were getting: you hired Art Hellman to blaze into your company, take stock of your product plan, root out and correct all of its weak points, build core code libraries, and then move on. He was good enough and sufficiently in demand to command the right to behave this way, and he wouldn’t have it any other way. My view was, it was an extended celebration of his liberation from the legal villainy of Nick Cassidy III: having narrowly escaped a cage, he was determined never to be locked up again.
Art’s “engagements”—as he called them—earned him the respect and camaraderie of half the programmers and hardware engineers in the Valley. This, in spite of the fact that he was a public and ardent member of the Lavender Panthers, wore the badge on his lapel, went to the marches, and brought his boyfriend to all the places where his straight colleagues brought their girlfriends.
He’d come out to me less than a week after I arrived by the simple expedient of introducing the guy he was watching TV with in our living room as Lewis, his boyfriend. Lewis was a Chinese guy about our age, and his wardrobe—plain white tee, tight blue jeans, loafers—matched the new look Art had adopted since leaving Boston. Lewis had a neat, short haircut that matched Art’s new haircut, too.
To call the Art I’d known in Cambridge a slob would be an insult to the natty, fashion-conscious modern slob. He’d favored old band T-shirts with fraying armpit seams, too-big jeans that were either always sliding off his skinny hips or pulled up halfway to his nipples. In the summer, his sneakers had holes in the toes. In the winter, his boots were road-salt-crusted crystalline eruptions. His red curls were too chaotic for a white-boy ’fro and were more of a heap, and he often went days without shaving.
There were members of the Newbury Street Irregulars who were bigger slobs than Art, but they smelled. Art washed, but otherwise, he looked like a homeless person (or a hacker). His transformation to a neatly dressed, clean-shaven fellow with a twenty-five-dollar haircut that he actually used some sort of hairspray on was remarkable. I’d assumed it was about his new life as a grown-up living far from home and doing a real job. It turned out that wasn’t the reason at all.
“Oh,” I said. “That makes a lot of sense.” I shook Lewis’s hand. He laughed. I checked Art. He was playing it cool, but I could tell he was nervous. I remembered Lucille and how she listened, and what it felt like to be heard. I thought about Art, and the things he’d never been able to tell me.
There’d been a woman in the Irregulars who there were rumors about, and there were a pair of guys one floor down in Art’s building who held hands in the elevator, but as far as I knew up until that moment, I hadn’t really ever been introduced to a homosexual person. I didn’t know how I felt about it, but I did know how I wanted to feel about it.
So Art didn’t just get to know all kinds of geeks from his whistle-stop tour of Silicon Valley’s hottest new tech ventures. He was also plugged into this other network of people from the Lavender Panthers, and their boyfriends and girlfriends, and the people he knew from bars and clubs. He and Lewis lasted for a couple of months, and then there were a string of weekends where there was a new guy at the breakfast table, and then he settled down again for a while with Artemis, and then he hit a long dry spell.
I commiserated. I’d been having a dry spell for nearly the whole two years I’d been in California. The closest I came to romance was exchanging a letter with Lucille every couple of weeks—she was a fine pen pal, but that wasn’t really a substitute for a living, breathing woman in my life.
Art threw himself into his volunteer work, and he was only half joking when he said he did it to meet a better class of boys than you got at a club. Sometimes, there’d be a committee meeting in our living room and I’d hear about the congressional committee hearing on the “gay plague” and the new wave of especially vicious attacks. It was pretty much the only time I heard about that stuff—no one I worked with ever brought it up, unless it was to make a terrible joke.
It was Murf, one of the guys from those meetings, who told me that Fidelity Computing was looking for an accountant for a special project. He had stayed after the meeting and he and Art made a pot of coffee and sat down in front of Art’s Apple clone, a Franklin Ace 1200 that he’d scored six months ahead of its official release. After opening the lid to show Murf the interior, Art fired it up and put it through its paces.
I hovered over his shoulder, watching. I’d had a couple of chances to play with the 1200, and I wanted one more than anything in the world except for a girlfriend.
“Marty,” Art said, “Murf was telling me about a job I thought you might be good for.”
The Ace 1200 would have a list price of $2,200. I pulled up a chair.
Fidelity Computing’s business offices were attached to their warehouse, right next to their factory. It took up half of a business park in Colma, and I had to circle it twice to find a parking spot. I was five minutes late and flustered when I presented myself to the receptionist, a blond woman with a ten-years-out-of-date haircut and a modest cardigan over a sensible white shirt buttoned to the collar, ring on her finger.
“Hello,” I said. “I’m Marty Hench. I—uh—I’ve got a meeting with the Reverend Sirs.” That was what the executive assistant I’d spoken to on the phone had called them. It sounded weird when he said it. It sounded weirder when I said it.
The receptionist gave me a smile that only went as far as her lips. “Please have a seat,” she said. There were only three chairs in the little reception area, vinyl office chairs with worn wooden armrests. There weren’t any magazines, just glossy catalogs featuring the latest Fidelity Computing systems, accessories, consumables, and software. I browsed one, marveling at the parallel universe of computers in the strange, mauve color that denoted all Fidelity equipment, including the boxes, packaging, and, now that I was attuned to it, the accents and carpet in the small lobby. A side door opened and a young, efficient man in a kippah and wire-rim glasses called for me: “Mr. Hench?” I closed the catalog and returned it to the pile and stood. As I went to shake his hand, I realized that something had been nagging me about the catalog—there were no prices.
“I’m Shlomo,” the man said. “We spoke on the phone. Thank you for coming down. The Reverend Sirs are ready to see you now.”
He wore plain black slacks, hard black shiny shoes, and a white shirt with prayer-shawl tassels poking out of its tails. I followed him through a vast room filled with chest-high Steelcase cubicles finished in yellowing, chipped wood veneer, every scratch pitilessly lit by harsh overhead fluorescents. Most of the workers at the cubicles were women with headsets, speaking in hushed tones. The tops of their heads marked the interfaith delineators: a block of Orthodox headscarves, then a block of nuns’ black and white scarves (I learned to call them “veils” later), then the Mormons’ carefully coiffed, mostly blond dos.
“This way,” Shlomo said, passing through another door and into executive row. The mauve carpets were newer, the nap all swept in one direction. The walls were lined with framed certificates of appreciation, letters from religious and public officials (apparently, the church and state were not separate within the walls of Fidelity Computing), photos of groups of progressively larger groups of people ranked before progressively larger offices—the company history.
We walked all the way to the end of the hall, past closed doors with nameplates, to a corner conference room with a glass wall down one side, showing a partial view of a truck-loading dock behind half-closed vertical blinds. Seated at intervals around a large conference table were the Reverend Sirs themselves, each with his own yellow pad, pencil, and coffee cup.
Shlomo announced me: “Reverend Sirs, this is Marty Hench. Mr. Hench, these are Rabbi Yisrael Finkel, Bishop Leonard Clarke, and Father Marek Tarnowski.” He backed out of the door, leaving me standing, unsure if I should circle the table shaking hands, or take a seat, or—
“Please, sit,” Rabbi Finkel said. He was fiftyish, round-faced and bear-shaped with graying sidelocks and beard and a black suit and tie. His eyes were sharp behind horn-rimmed glasses. He gestured to a chair at the foot of the table.
I sat, then rose a little to undo the button of my sport coat. I hadn’t worn it since my second job interview, when I realized it was making the interviewers uncomfortable. It certainly made me uncomfortable. I fished out the little steno pad and stick pen I’d brought with me.
“Thank you for coming, Mr. Hench.” The rabbi had an orator’s voice, that big chest of his serving as a resonating chamber like a double bass.
“Of course,” I said. “Thanks for inviting me. It’s a fascinating company you have here.”
Bishop Clarke smiled at that. He was the best dressed of the three, in a well-cut business suit, his hair short, neat, side-parted. His smile was very white, and very wide. He was the youngest of the three—in his late thirties, I’d guess. “Thank you,” he said. “We know we’re very different from the other computer companies, and we like it that way. We like to think that we see something in computers—a potential—that other people have missed.”
Father Tarnowski scowled. He was cadaverously tall and thin, with the usual dog collar and jacket, and a heavy gold class ring. His half-rim glasses flashed. He was the oldest, maybe sixty, and had a sour look that I took for habitual. “He doesn’t want the press packet, Leonard,” he said. “Let’s get to the point.” He had a broad Chicago accent like a tough-guy gangster in The Untouchables.
Bishop Clarke’s smile blinked off and on for an instant and I was overcome with the sudden knowledge that these two men did not like each other at all, and that there was some kind of long-running argument simmering beneath the surface. “Thank you, Marek, of course. Mr. Hench’s time is valuable.” Father Tarnowski snorted softly at that and the bishop pretended he didn’t hear it, but I saw Rabbi Finkel grimace at his yellow pad.
“What can I help you Reverend Sirs with today?” Reverend Sirs came more easily now, didn’t feel ridiculous at all. The three of them gave the impression of being a quarter inch away from going for each other’s throats, and the formality was a way to keep tensions at a distance.
“We need a certain kind of accountant,” the rabbi said. He’d dated the top of his yellow pad and then circled the date. “A kind of accountant who understands the computer business. Who understands computers, on a technical level. It’s hard to find an accountant like that, believe it or not, even in Silicon Valley.” I didn’t point out that Colma wasn’t in Silicon Valley.
“Well,” I said, carefully. “I think I fit that bill. I’ve only got an associate’s degree in accounting, but I’m a kind of floating CFO for half a dozen companies and I’ve been doing night classes at UCSF Extension to get my bachelor’s. I did a year at MIT and built my own computer a few years back. I program pretty well in BASIC and Pascal and I’ve got a little C, and I’m a pretty darned good debugger, if I do say so myself.”
Bishop Clarke gave a small but audible sigh of relief. “You do indeed sound perfect, and I’m told that Shlomo spoke to your references and they were very enthusiastic about your diligence and . . . discretion.”
I’d given Shlomo a list of four clients I’d done extensive work with, but I hadn’t had “discretion” in mind when I selected them. It’s true that doing a company’s accounts made me privy to some sensitive information—like when two employees with the same job were getting paid very different salaries—but I got the feeling that wasn’t the kind of “discretion” the bishop had in mind.
“I’m pretty good at minding my own business,” I said, and then, “even when I’m being paid to mind someone else’s.” I liked that line, and made a mental note about it. Maybe someday I’d put it on my letterhead. Martin Hench: Confidential CPA.
The bishop favored me with a chuckle. The rabbi nodded thoughtfully. The priest scowled.
“That’s very good,” the bishop said. “What we’d like to discuss today is of a very sensitive nature, and I’m sure you’ll understand if we would like more than your good word to rely on.” He lifted his yellow pad, revealing a single page, grainily photocopied, and slid it over the table to me. “That’s our standard nondisclosure agreement,” he said. He slid a pen along to go with it.
I didn’t say anything. I’d signed a few NDAs, but only after I’d taken a contract. This was something different. I squinted at the page, which was a second- or third-generation copy and blurry in places. I started to read it. The bishop made a disgusted noise. I pretended I didn’t hear him.
I crossed out a few clauses and carefully lettered in an amendment. I initialed the changes and slid the paper back across the table to the bishop, and found the smile was gone from his face. All three of them were now giving me stern looks, wrath-of-God looks, the kind of looks that would make a twenty-one-year-old kid like me very nervous indeed. I felt the nerves rise and firmly pushed them down.
“Mr. Hench,” the bishop said, his tone low and serious, “is there some kind of problem?”
It pissed me off. I’d driven all the way to for-chrissakes Colma and these three weirdo God-botherers had ambushed me with their everything-and-the-kitchen-sink contract. I had plenty of work, and I didn’t need theirs, especially not if this was the way they wanted to deal. This had suddenly become a negotiation, and my old man had always told me the best negotiating position was a willingness to get up from the table. I was going to win this negotiation, one way or another.
“No problem,” I said.
“And yet you appear to have made alterations to our standard agreement.”
“I did,” I said. That’s not a problem for me, I didn’t say.
He gave me more of that stern eyeball-ray stuff. I let my negotiating leverage repel it. “Mr. Hench, our standard agreement can only be altered after review by our general counsel.”
“That sounds like a prudent policy,” I said, and met his stare.
He clucked his tongue. “I can get a fresh one,” he said. “This one is no good.”
I cocked my head. “I think it’d be better to get your general counsel, wouldn’t it?”
The three of them glared at me. I found I was enjoying myself. What’s more, I thought Rabbi Finkel might be suppressing a little smile, though the beard made it hard to tell.
“Let me see it,” he said, holding his hand out.
Bishop Clarke gave a minute shake of his head. The rabbi half rose, reached across the table, and slid it over to himself, holding it at arm’s length and adjusting his glasses. He picked up his pen and initialed next to my changes.
“Those should be fine,” he said, and slid it back to me. “Sign, please.”
“Yisrael,” Bishop Clarke said, an edge in his voice, “changes to the standard agreements need to be reviewed—”
“By our general counsel,” the rabbi finished, waving a dismissive gesture at him. “I know, I know. But these are fine. We should probably make the same changes to all our agreements. Meanwhile, we’ve all now had a demonstration that Mr. Hench is the kind of person who takes his promises seriously. Would you rather have someone who doesn’t read and signs his life away, or someone who makes sure he knows what he’s signing and agrees with it?”
Bishop Clarke’s smile came back, strained at the corners. “That’s an excellent point, Rabbi. Thank you for helping me understand your reasoning.” He collected the now-signed contract from me and tucked it back under his yellow pad.
“Now,” he said, “we can get down to the reason we asked you here today.”
Check out my Kickstarter to pre-order copies of my next novel, Picks and Shovels!
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
https://pluralistic.net/2025/01/09/the-reverend-sirs/#fidelity-computing/
#pluralistic#martin hench#marty hench#weird pcs#picks and shovels#science fiction#technothrillers#the eighties#the 80s#eighties#80s#thrillers#crime#scams#pyramid schemes#multilevel marketing#mlms#scambusting#forensic accounting#fiction
24 notes
Text
Mandiant Finds UNC5820 FortiManager For Data Exfiltration
Mandiant and Fortinet worked together in October 2024 to look into the widespread abuse of FortiManager appliances across more than fifty potentially compromised FortiManager devices in a range of businesses. A threat actor can use an unauthorized, threat actor-controlled FortiManager device to run arbitrary code or commands against susceptible FortiManager devices with the vulnerability, CVE-2024-47575 / FG-IR-24-423.
As early as June 27, 2024, Mandiant saw a new threat cluster that is currently monitored as UNC5820 taking advantage of the FortiManager vulnerability. The configuration information of the FortiGate devices controlled by the compromised FortiManager was staged and exfiltrated by UNC5820. Along with the users and their FortiOS256-hashed passwords, this data includes comprehensive configuration details for the controlled equipment. UNC5820 might utilize this information to target the enterprise environment, advance laterally to the controlled Fortinet devices, and further attack the FortiManager.
The precise requests that the threat actor made in order to take advantage of the FortiManager vulnerability were not yet documented in the data sources that Mandiant examined. Furthermore, as of this point in Google cloud study, there is no proof that UNC5820 used the configuration data it had acquired to migrate laterally and endanger the environment even more. It therefore doesn’t have enough information at the time of publication to evaluate actor location or motivation. Mandiant will update this blog’s attribution assessment as new information emerges from investigations.
A forensic investigation should be carried out right away by any organizations whose FortiManager may be exposed to the internet.
Exploitation Details
The first known instance of Mandiant being exploited was on June 27, 2024. Several FortiManager devices were connected to the default port TCP/541 on that day via the IP address 45[.]32[.]41[.]202. Around the same time, the file system stored the staging of different Fortinet configuration files in an archive called /tmp/.tm that was compressed using Gzip. The files and folders mentioned in the table below were included in this bundle.

| Filename | Description |
| --- | --- |
| /var/dm/RCS | Folder containing configuration files of managed FortiGate devices |
| /var/dm/RCS/revinfo.db | Database containing additional information of the managed FortiGate devices |
| /var/fds/data/devices.txt | Contains a list of FortiGate serials and their corresponding IP addresses |
| /var/pm2/global.db | Global database that contains object configurations, policy packages, and header and footer sensor configuration for IPS |
| /var/old_fmversion | Contains current FortiManager version, build, and branch information |
Mandiant noticed a second attempt at exploitation using the same symptoms on September 23, 2024. Outgoing network traffic happened soon after the archive was created in both exploitation scenarios. The size of the archive is marginally less than the number of bytes delivered to the corresponding destination IP addresses. The specifics of this action are listed in below Table .
The threat actor’s device was linked to the targeted FortiManager during the second exploitation attempt. Figure shows the timestamp at which the illegal FortiManager was introduced to the Global Objects database.
The threat actor’s unknown Fortinet device showed up in the FortiManager console after they had successfully exploited the FortiManager.
The files /fds/data/subs.dat and /fds/data/subs.dat.tmp contain additional indicators of the exploitation that include an associated disposable email address and a company name as listed in Figure .
SerialNumber=FMG-VMTM23017412|AccountID= [email protected]|Company=Purity Supreme|UserID=1756868
Lack of Follow-On Malicious Activity
Mandiant examined rootfs.gz, the device’s initramfs (RAM disk) that is mounted to /bin. During the period of exploitation activity, Mandiant did not discover any malicious files that had been produced or altered.
Affected clients who displayed comparable activities in their environments were alerted by Google Cloud. In order to help identify Fortinet device exploit attempts, Google Cloud Threat Intelligence also conducted retrohunts while creating detections for this activity and manually escalated Pre-Release Detection Rule notifications to impacted SecOps customers.
Apart from working with Mandiant, Fortinet made aggressive efforts to notify its clients in advance of their advise so that they may improve their security posture before it was widely made public.
Mitigation Strategies / Workaround
Restrict only authorized internal IP addresses from accessing the FortiManager admin portal.
Permitted FortiGate addresses should be the only ones allowed to connect to FortiManager.
Deny FortiManager access to unidentified FortiGate devices.
Available 7.2.5, 7.0.12, 7.4.3 and later (not functional workaround on 7.6.0).
config system global
set fgfm-deny-unknown enable
end
Detection
YARA-L
IOCs mentioned in this blog post can be prioritized using Applied Threat Intelligence, and rules were released to the “Mandiant Intel Emerging Threats” rule pack (in the Windows Threats group) if you are a Google SecOps Enterprise+ customer.
Relevant Rules
Suspicious FortiManager Inbound and Outbound Connection
UNC5820 Fortinet Exploitation and File Download
UNC5820 Fortinet Exploitation and non-HTTPS Command and Control
UNC5820 Fortinet Exploitation and HTTPS Command and Control
Other SIEMs
Create searches for the following pertinent IOCs using FortiGuard logs. Specifically, if activated, the Malicious Fortinet Device ID should deliver a high-quality alert.
In the FortiManager logs, establish baselines and thresholds for distinct processes. Specifically, “Add device” and “Modify device” procedures can be infrequent enough for your company to issue a useful warning until this vulnerability is fixed.
In the FortiManager logs, baseline and establish thresholds for the changes field. When the word “Unregistered” appears in the changes field, take into account a higher sensitivity.
Every day, count the FortiGate devices and send a notification when a device name that hasn’t been seen in the logs is detected.
Indicators of Compromise (IOCs)
Registered users can access a Google Threat Intelligence Collection of IOCs.
Read more on govindhtech.com
#MandiantFinds#UNC5820FortiManager#GoogleSecOps#Googlecloud#DataExfiltration#ThreatIntelligence#AdditionalKeywords#Workaround#MitigationStrategie#MaliciousActivity#technology#technews#news#govindhtech
0 notes
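The baselining steps from the "Other SIEMs" list in the FortiManager post above, sketched as an added Python example (not code from the post, Mandiant or Fortinet). The log lines are constructed, and the key="value" layout and the field names date, operation, devname and changes are assumptions; map them to your own FortiManager log schema.

```python
import re
from collections import Counter

# Constructed sample lines. The key="value" layout and the field names
# (date, operation, devname, changes) are assumptions, not a real export.
SAMPLE_LOGS = '''\
date=2024-10-01 operation="Modify device" devname="FGT-branch-01" changes="Edited device settings"
date=2024-10-01 operation="Login" devname="FGT-branch-02" changes="admin login"
date=2024-10-02 operation="Add device" devname="FGT-branch-02" changes="Added device"
date=2024-10-03 operation="Add device" devname="EXAMPLE-UNKNOWN-DEV" changes="Unregistered device added"
date=2024-10-03 operation="Modify device" devname="EXAMPLE-UNKNOWN-DEV" changes="Edited device settings"
date=2024-10-03 operation="Modify device" devname="FGT-branch-01" changes="Edited device settings"
'''

WATCHED_OPS = {"Add device", "Modify device"}  # operations named in the post
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Turn one key=value / key="quoted value" log line into a dict."""
    return {k: quoted or bare for k, quoted, bare in FIELD_RE.findall(line)}

def review(log_text, baseline_days):
    """Return alerts for days outside the baseline window."""
    events = [e for e in map(parse_line, log_text.splitlines()) if "date" in e]
    # Baseline 1: busiest baseline day for the watched operations.
    ops = Counter(e["date"] for e in events if e.get("operation") in WATCHED_OPS)
    threshold = max((ops[d] for d in baseline_days), default=0)
    # Baseline 2: device names already seen during the baseline window.
    known = {e["devname"] for e in events
             if e["date"] in baseline_days and e.get("devname")}
    alerts = []
    for e in events:
        if e["date"] in baseline_days:
            continue
        name = e.get("devname", "")
        # "Unregistered" in the changes field gets the higher sensitivity.
        if "unregistered" in e.get("changes", "").lower():
            alerts.append((e["date"], "unregistered-change", name))
        if name and name not in known:
            alerts.append((e["date"], "new-device-name", name))
            known.add(name)
    for day in sorted(ops):
        if day not in baseline_days and ops[day] > threshold:
            alerts.append((day, "op-count-above-baseline", ops[day]))
    return alerts

if __name__ == "__main__":
    for alert in review(SAMPLE_LOGS, {"2024-10-01", "2024-10-02"}):
        print(alert)
```

In a SIEM the same three checks become scheduled searches; the baseline window should cover enough normal days that routine device onboarding does not exceed the threshold.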
Text
The Right Data Recovery Houston Company for Your Needs
The right data recovery company in Houston is crucial for restoring lost or corrupted data effectively. Look for a provider with a proven track record, certified technicians, and a transparent process. Ensure they offer a free diagnostic and have a strong reputation for customer service. Selecting the right company can make all the difference in recovering your valuable data swiftly and securely.
Understanding Your Data Recovery Houston Needs
When it comes to data recovery in Houston, identifying your specific needs is crucial. Data recovery services can range from simple file restoration to complex disk repairs. Assess whether you need to recover lost files from a failed hard drive, a corrupted RAID system, or a damaged SSD. Understanding your requirements will help you choose the right data recovery Houston company that specializes in the type of recovery you need.
Evaluating the Expertise of Data Recovery Houston Providers
Not all data recovery companies offer the same level of expertise. It’s essential to evaluate the qualifications and experience of potential data recovery Houston providers. Look for certifications, such as those from the International Society of Forensic Computer Examiners (ISFCE) or other relevant bodies. A reputable company should have a track record of successfully handling various types of data recovery cases, from individual file restoration to complex system repairs.
Assessing Technology and Tools Used by Data Recovery Houston Companies
The technology and tools used by data recovery Houston companies play a significant role in the success of data recovery operations. Ensure that the company employs advanced data recovery tools and technologies, such as clean room facilities for physical repairs and specialized software for logical data recovery. Companies with state-of-the-art equipment are more likely to achieve successful recovery results.
Considering Turnaround Time for Data Recovery Houston Services
Turnaround time is a critical factor when choosing a data recovery Houston company. Depending on the urgency of your data recovery needs, some companies may offer expedited services. Inquire about the average turnaround time and whether the company provides options for emergency recovery. A quick response can be crucial if you’re dealing with time-sensitive data.
Reviewing Customer Testimonials and Success Stories
Customer reviews and success stories can provide valuable insights into the reliability of a data recovery Houston company. Look for testimonials from clients who have had similar data recovery needs. Positive feedback and case studies showcasing successful recoveries can help you gauge the company’s effectiveness and customer satisfaction.
Comparing Pricing Models for Data Recovery Houston Services
Pricing is an important consideration when choosing a data recovery Houston company. Different companies may have varying pricing models, such as flat rates or charges based on the complexity of the recovery. Obtain quotes from multiple providers and compare them to ensure you’re getting a fair price. Be cautious of extremely low prices, as they may indicate subpar service or hidden costs.
Evaluating Customer Support and Service Quality
Customer support is an often overlooked aspect of data recovery services. A good data recovery Houston company should offer excellent customer support throughout the recovery process. This includes clear communication, regular updates, and a willingness to answer your questions. Reliable customer support can make the data recovery experience smoother and less stressful.
Conclusion
Choosing the right data recovery Houston company is a critical decision for successfully retrieving your lost or damaged data. By understanding your needs, evaluating expertise, assessing technology, considering turnaround times, reviewing testimonials, comparing pricing, and evaluating customer support, you can make an informed choice. Prioritize these factors to ensure you select a data recovery Houston provider that best meets your requirements and delivers high-quality service.
0 notes
Text
Tails OS
Have you ever traveled and succumbed to using a public computer that could be compromised and could potentially steal your data? Or even wanted to increase your privacy and anonymity against surveillance? The Tails operating system covers this. After doing some Tor browser surfing, I recently discovered Tails and decided to dig deeper into it and play around with it, as I am always looking for new tools and protection measures I can learn and use. Tails, or “The Amnesic Incognito Live System”, is a security-focused Debian-based Linux distribution that connects to the internet only through the Tor network. Tor works by routing internet traffic through a series of volunteer-operated servers called nodes or relays. Each user's data is encrypted multiple times and then sent through a randomly selected path of these nodes before reaching its final destination. At each node, one layer of encryption is removed, revealing only the next node in the path, like peeling layers of an onion, hence its logo and nickname.
Tails' most notable feature is its ability to boot from a USB or CD to turn any computer into a temporary “secure” machine by creating an almost ghost-like presence on the machine. When using Tails, nothing is written to the hard disk; it runs only from the memory on the computer. On top of this, Tails will actually overwrite the memory when exiting to prevent any cold boot attacks. This means that once you shut down the OS, all of your actions and information will be erased from memory. This is much more secure than just using incognito mode in your browser because that information could still be retrieved using computer forensics measures. Despite all this, Tails is not a hundred percent secure. There is still room for vulnerabilities, like everything in the cyber realm. You do have the ability to store data on the portable device to transfer between sessions, and it is automatically encrypted, but this can be another vulnerability.
Fun fact: Tails was used by Edward Snowden, the ex-NSA employee who leaked government secrets.
Sources:
youtube
0 notes