undefined | Better HN

0 pointssigmar8y ago0 comments

A few points:

>Not well respected

Did you criticize Crowdstike before the 2016 election? Because they're very highly regarded.

>You are taking crowdstrike at their word.

You don't have to trust Crowdstrike, as there are other organizations that did analysis. Most of my links were not from Crowdstrike.

The analyses do not rely solely on C&C IPs, and the fact that you keep harking on that makes me think you haven't read those links. There's lots of TTP and malware analysis.

>that's their defense for not handing over the servers/drives.

It is extremely common for groups to share imaged versions of a computer.

0 comments

arca_vorago8y ago

You are obviously not interested in intellectually honest discussion, so I'm not wasting anymore time with you.

sigmarOP8y ago

lol, great points. You are saying it is not common to image drives? The google results for disk+imaging+in+forensics disagrees

j / k navigate · click thread line to collapse