Ganesh Ramakrishnan / Mansoor Haqanee
Enhance your skills as a cloud investigator to adeptly respond to cloud incidents by combining traditional forensic techniques with innovative approachesKey FeaturesUncover the steps involved in cloud forensic investigations for M365 and Google WorkspaceExplore tools and logs available within AWS, Azure, and Google for cloud investigationsLearn how to investigate containerized services such as Kubernetes and DockerPurchase of the print or Kindle book includes a free PDF eBookBook DescriptionAs organizations embrace cloud-centric environments, it becomes imperative for security professionals to master the skills of effective cloud investigation. Cloud Forensics Demystified addresses this pressing need, explaining how to use cloud-native tools and logs together with traditional digital forensic techniques for a thorough cloud investigation. The book begins by giving you an overview of cloud services, followed by a detailed exploration of the tools and techniques used to investigate popular cloud platforms such as Amazon Web Services (AWS), Azure, and Google Cloud Platform (GCP). Progressing through the chapters, you’ll learn how to investigate Microsoft 365, Google Workspace, and containerized environments such as Kubernetes. Throughout, the chapters emphasize the significance of the cloud, explaining which tools and logs need to be enabled for investigative purposes and demonstrating how to integrate them with traditional digital forensic tools and techniques to respond to cloud security incidents. By the end of this book, you’ll be well-equipped to handle security breaches in cloud-based environments and have a comprehensive understanding of the essential cloud-based logs vital to your investigations. This knowledge will enable you to swiftly acquire and scrutinize artifacts of interest in cloud security incidents. What you will learnExplore the essential tools and logs for your cloud investigationMaster the overall incident response process and approachFamiliarize yourself with the MITRE ATT&CK framework for the cloudGet to grips with live forensic analysis and threat hunting in the cloudLearn about cloud evidence acquisition for offline analysisAnalyze compromised Kubernetes containersEmploy automated tools to collect logs from M365Who this book is forThis book is for cybersecurity professionals, incident responders, and IT professionals adapting to the paradigm shift toward cloud-centric environments. Anyone seeking a comprehensive guide to investigating security incidents in popular cloud platforms such as AWS, Azure, and GCP, as well as Microsoft 365, Google Workspace, and containerized environments like Kubernetes will find this book useful. Whether you’re a seasoned professional or a newcomer to cloud security, this book offers insights and practical knowledge to enable you to handle and secure cloud-based infrastructure.Table of ContentsIntroduction to the CloudTrends in Cyber and Privacy Laws and Their Impact on DFIRExploring the Major Cloud ProvidersDFIR Investigations - Logs in AWSDFIR Investigations - Logs in AzureDFIR Investigations - Logs in GCPCloud Productivity SuitesThe Digital Forensics and Incident Response ProcessCommon Attack Vectors and TTPsCloud Evidence AcquisitionAnalyzing Compromised ContainersAnalyzing Compromised Cloud Productivity Suites
