Overview
Explore cloud forensics techniques and challenges in this 54-minute conference talk from AppSecCali 2019. Delve into the unique aspects of investigating security breaches in cloud environments, where traditional forensic methods may not apply. Learn about the complexities of imaging disks in variable-sized, API-driven cloud infrastructures, and understand how recent AWS product launches have impacted incident response procedures. Gain insights from Brandon Sherman, a Senior Cloud Infrastructure Engineer at Twilio, as he discusses topics such as EBS volumes, file markers, chain of custody, permission principles, and threat modeling in cloud forensics. Discover practical advice for both defenders and potential attackers, and consider the pros and cons of various approaches to cloud security response.
Syllabus
Introduction
Start with Y
AWS Services
Clue
Questions
The Process
PhotoRec
EBS Volumes
File Markers
Volume Types
Chain of Custody
Permission Principles
Admin Policy
Blast Radius
Threat Model
Nonroot EBS volumes
Multiple AWS accounts
Write sensitive information to AMI
Hiring
Pros and Cons
Automation
Advice for attackers
Taught by
OWASP Foundation