Cloud Network Forensics

Cloud environments require adapted approaches:

AWS Network Forensics:

  • VPC Flow Logs
  • CloudTrail API logs
  • ELB access logs
  • Route 53 query logs
  • GuardDuty findings

Collection Example:

# Enable VPC Flow Logs for one VPC, capturing accepted and rejected traffic
# (--traffic-type ALL) and delivering the records to an S3 bucket
aws ec2 create-flow-logs --resource-type VPC --resource-ids vpc-12345678 \
  --traffic-type ALL --log-destination-type s3 --log-destination arn:aws:s3:::my-flow-logs
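Once flow logs are being delivered, the forensic work is parsing the records and pulling out the sources worth investigating. The script below is an added example (not part of the original page) that parses records in the default VPC Flow Log format and lists sources rejected on several distinct destination ports, a common first triage query; the log lines, account ID, interface ID and addresses are constructed sample data.

```python
"""Parse AWS VPC Flow Log records (default format) and triage per-source activity.

Added example, not from the original page. SAMPLE_LOG is constructed sample data
in the default VPC Flow Log format: version 2, 14 space-separated fields.
"""
from collections import defaultdict
from typing import Dict, List

# Field order of the default VPC Flow Log format (version 2).
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records (not real traffic): one source probing several ports,
# one legitimate HTTPS flow, and one NODATA record with no flow information.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.20 51432 22 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.20 51433 23 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.20 51434 3389 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.20 51435 445 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.20 40001 443 6 120 84000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
"""


def parse_flow_log(text: str) -> List[Dict[str, str]]:
    """Return one dict per usable record; drops malformed and NODATA/SKIPDATA lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # not the default format (custom fields or truncated line)
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue  # NODATA / SKIPDATA carry no flow to analyse
        records.append(rec)
    return records


def rejected_ports_by_source(records: List[Dict[str, str]], min_ports: int = 3) -> Dict[str, List[int]]:
    """Map each source address to the sorted distinct destination ports it was REJECTed
    on, keeping only sources that touched at least `min_ports` ports (scan-like)."""
    ports = defaultdict(set)
    for r in records:
        if r["action"] == "REJECT":
            ports[r["srcaddr"]].add(int(r["dstport"]))
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    print(f"{len(recs)} usable records")
    for src, p in rejected_ports_by_source(recs).items():
        print(f"{src} rejected on {len(p)} distinct ports: {p}")
```

The same parser applies to records pulled from the S3 bucket above once they are decompressed; a flow-log format with custom fields needs FIELDS adjusted to match.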

Azure Network Forensics:

  • NSG Flow Logs
  • Azure Firewall logs
  • Application Gateway logs
  • Traffic Analytics
  • Network Watcher

GCP Network Forensics:

  • VPC Flow Logs
  • Cloud Firewall logs
  • Load Balancer logs
  • Cloud NAT logs
  • Packet Mirroring