Cloud Evidence Collection

1 min read Advanced Security Topics

Cloud Evidence Collection

Cloud environments present unique challenges for evidence collection:

Cloud Collection Considerations:

Shared responsibility model
Multi-tenancy concerns
Geographic distribution
API-based access
Rapid resource provisioning/deprovisioning

Cloud Evidence Sources:

Compute Instances: Snapshots, memory dumps
Storage Services: Object versioning, access logs
Network Logs: Flow logs, load balancer logs
Identity Logs: Authentication events, API calls
Configuration: Resource settings, security groups

Cloud Provider Tools:

AWS: CloudTrail, VPC Flow Logs, S3 access logging
Azure: Activity Logs, NSG Flow Logs, Storage Analytics
GCP: Cloud Audit Logs, VPC Flow Logs, Stackdriver