10

Cloud Evidence Acquisition

Until now, we have looked at investigating artifacts locally within the cloud using the tools provided by the Cloud Service Provider (CSP). We looked at AWS GuardDuty and CloudTrail from a logging and investigation point of view. We also looked at GCP’s Cloud Logging capability to investigate cloud logs emitted by various services; Azure Monitor offers similar capabilities for services hosted within Microsoft Azure.

This chapter will take a step further in our cloud investigative journey and look at methods and techniques for securely collecting artifacts or forensic images of core services for offline analysis. Investigators will recognize that not all investigations can be performed using native cloud tools. Investigators ...

Get Cloud Forensics Demystified now with the O’Reilly learning platform.