A New Perspective on Resource-Level Cloud Forensics
AWS classifies cloud incidents across three domains: Service, Infrastructure, and Application. The Service and Application domains have already been discussed extensively; see, for example, the excellent SANS DFIR 2022 Keynote. This talk will focus on the unique challenges and opportunities of responding to incidents in the Infrastructure domain.

Cloud Service Providers, such as AWS, GCP and Azure, often introduce artifacts of forensic value when developing features for the automation and monitoring of resources. Typically, these artifacts are undocumented and exist purely for the provider's own troubleshooting, but they also provide valuable insight to an investigator analyzing malicious activity on a system. Frequently, this insight surpasses that of “provider-supported” forensic data sources.

Most of the discourse around performing forensics in the cloud focuses on provider-level logging. While this is undoubtedly useful, practitioners understand that resource-level forensic analysis is crucial when responding to incidents affecting cloud infrastructure, and much of this knowledge remains opaque and undocumented.

In this presentation, Chris Doman, CTO of Cado Security, will present novel research on undocumented forensic artifacts from cloud service provider-specific operating systems and tools. He will provide the audience with an overview of forensic techniques across cloud computing and serverless environments. He will also discuss native operating system artifacts, contrast them with their cloud equivalents, and consider their usefulness in the context of the cloud.

Attendees can expect to gain a unique perspective on resource-level cloud forensics and should leave the talk with a host of new data sources and knowledge for performing forensic analysis of cloud resources.
SANS DFIR Summit 2023
Speaker: Chris Doman, Co-founder, Cado Security
View upcoming Summits: http://www.sans.org/u/DuS
Video "A New Perspective on Resource-Level Cloud Forensics" from the SANS Digital Forensics and Incident Response channel
Video information
September 19, 2023, 18:08:32
00:28:11