Cloud Forensics Methodology

1 min read Advanced Security Topics

Cloud Forensics Methodology

Cloud forensics requires adapted methodologies:

Evidence Sources in Cloud:

  1. API Audit Logs: All API calls and administrative actions
  2. Resource Configurations: Security groups, network ACLs, IAM policies
  3. Flow Logs: Network traffic metadata
  4. Object Storage Logs: Access to S3, Blob Storage, Cloud Storage
  5. Compute Snapshots: EBS snapshots, managed disk snapshots
  6. Memory Dumps: If supported by instance type
  7. Application Logs: CloudWatch, Azure Monitor, Stackdriver