๐”– Scriptorium
โœฆ   LIBER   โœฆ
๐Ÿ“

Cloud Forensics Demystified: Decoding cloud investigation complexities for digital forensic professionals

โœ Scribed by Ramakrishnan, Ganesh, Haqanee, Mansoor

Publisher
Packt
Year
2024
Tongue
English
Leaves
384
Category
Library
โฌ‡  Acquire This Volume

No coin nor oath required. For personal study only.

โœฆ Synopsis

Enhance your skills as a cloud investigator to adeptly respond to cloud incidents by combining traditional forensic techniques with innovative approaches Key Features

Uncover the steps involved in cloud forensic investigations for M365 and Google Workspace

Explore tools and logs available within AWS, Azure, and Google for cloud investigations

Learn how to investigate containerized services such as Kubernetes and Docker

Purchase of the print or Kindle book includes a free PDF eBook

Book DescriptionAs organizations embrace cloud-centric environments, it becomes imperative for security professionals to master the skills of effective cloud investigation. Cloud Forensics Demystified addresses this pressing need, explaining how to use cloud-native tools and logs together with traditional digital forensic techniques for a thorough cloud investigation. The book begins by giving you an overview of cloud services, followed by a detailed exploration of the tools and techniques used to investigate popular cloud platforms such as Amazon Web Services (AWS), Azure, and Google Cloud Platform (GCP). Progressing through the chapters, you'll learn how to investigate Microsoft 365, Google Workspace, and containerized environments such as Kubernetes. Throughout, the chapters emphasize the significance of the cloud, explaining which tools and logs need to be enabled for investigative purposes and demonstrating how to integrate them with traditional digital forensic tools and techniques to respond to cloud security incidents. By the end of this book, you'll be well-equipped to handle security breaches in cloud-based environments and have a comprehensive understanding of the essential cloud-based logs vital to your investigations. This knowledge will enable you to swiftly acquire and scrutinize artifacts of interest in cloud security incidents. What you will learn

Explore the essential tools and logs for your cloud investigation

Master the overall incident response process and
โ€ฆ

โœฆ Table of Contents

Cover
Title Page
Copyright and Credits
Contributors
Table of Contents
Preface
Part 1: Cloud Fundamentals
Chapter 1: Introduction to the Cloud
Advantages and disadvantages of cloud computing
An overview of cloud services
Cloud deployment models
Cloud adoption success stories
Impact of the cloud and other technologies
Summary
Further reading
Chapter 2: Trends in Cyber and Privacy Laws and Their Impact on DFIR
The role of a breach counselor (breach coach)
General legal considerations for cloud adoption
eDiscovery considerations and legal guidance
Digital forensics challenges
Legal frameworks for private data
Contractual private data
Regulated private data
Jurisdictional requirements in relation to private data
Legal implications for data retention and deletion
Responsibilities and liabilities of the cloud and their implications for incident response
Jurisdiction and cross-border data transfers
Summary
Further reading
Chapter 3: Exploring the Major Cloud Providers
Amazon Web Services (AWS)
Amazon Elastic Compute Cloud (EC2)
Amazon Virtual Private Cloud (VPC)
Amazon Simple Storage Service (S3)
AWS Identity and Access Management (IAM)
Amazon Relational Database Service (RDS)
Microsoft Azure
Microsoft Azure virtual machines
Microsoft Azure Virtual Network
Microsoft Azure Blob Storage
Microsoft Azure Active Directory (Azure AD)
Microsoft Azure SQL Database
Google Cloud Platform (GCP)
Google Compute Engine (GCE)
Google Virtual Private Cloud (VPC)
Google Cloud Storage (GCS)
Google Cloud SQL
Other cloud service providers
Summary
Further reading
Chapter 4: DFIR Investigations โ€“ Logs in AWS
VPC flow logs
VPC basics
Sample VPC flow log
DFIR use cases for VPC flow logging
S3 access logs
Logging options
DFIR use cases for S3 monitoring
AWS CloudTrail
Creating a trail
Event data stores
Investigating CloudTrail events
DFIR use cases for CloudTrail logging
AWS CloudWatch
CloudWatch versus CloudTrail
Setting up CloudWatch logging
Querying CloudWatch logs on the AWS console
DFIR use cases for CloudWatch
Amazon GuardDuty
Amazon Detective
Summary
Further reading
Part 2: Forensic Readiness: Tools, Techniques, and Preparation for Cloud Forensics
Chapter 5: DFIR Investigations โ€“ Logs in Azure
Azure Log Analytics
Azure Virtual Networks
NSG flow logs
Azure Storage
Azure Monitor
Azure Virtual Machines log analysis
Microsoft Defender for Cloud
NSG flow logs
Microsoft Sentinel
Summary
Further reading
Chapter 6: DFIR Investigations โ€“ Logs in GCP
GCP core services
GCP IAM
GCPโ€™s IAM roles and identities
Policy Analyzer
DFIR use cases for Policy Analyzer
GCP Logs Explorer
Overview of log buckets
DFIR use cases for using Logs Explorer
Familiarizing with Logs Explorer
VPC Flow Logs
Enabling VPC Flow Logs
Hunting VPC Flow Logs for malicious activities
Packet Mirroring
Compute Engine logs
GCPโ€™s logging platform
GCPโ€™s default logging
Logging Dataflow pipelines
GCP storage logs
Storage permissions
Storage object logging
Investigating GCP Cloud storage logs
Cloud Security Command Center (Cloud SCC)
IAM roles
Threats and Findings dashboards
GCP Cloud Shell
Summary
Further reading
Chapter 7: Cloud Productivity Suites
Overview of Microsoft 365 and Google Workspace core services
Microsoft 365
Google Workspace
IAM in Microsoft 365 and Google Workspace
Microsoft 365
Google Workspace
Auditing and compliance features in Microsoft 365 and Google Workspace
Microsoft 365โ€™s Security and Compliance Center (Microsoft Purview)
Google Workspace Admin console and security features
Summary
Further reading
Part 3: Cloud Forensic Analysis โ€“ Responding to an Incident in the Cloud
Chapter 8: The Digital Forensics and Incident Response Process
The basics of the incident response process
Tools and techniques for digital forensic investigations
Prerequisites
Cloud host forensics
Memory forensics
Live forensic analysis and threat hunting
EDR-based threat hunting
Hunting for malware
Common persistence mechanisms
Network forensics
Basic networking concepts
Cloud network forensics โ€“ log sources and tools
Network investigation tools
Malware investigations
Setting up your malware analysis lab
Working with packed malware
Binary comparison
Traditional forensics versus cloud forensics
Summary
Further reading
Chapter 9: Common Attack Vectors and TTPs
MITRE ATT&CK framework
Forensic triage collections
Host-based forensics
Evidence of intrusion
Prefetch analysis
AmCache analysis
ShimCache analysis
Windows Event Logs
Analyzing memory dumps
Misconfigured virtual machine instances
Unnecessary ports left open
Default credentials left unchanged
Outdated or unpatched software
Publicly exposed sensitive data (or metadata)
Misconfigured storage buckets
Public permissions
Exposed API keys or credentials
Improper use of IAM policies
Cloud administrator portal breach
Summary
Further reading
Chapter 10: Cloud Evidence Acquisition
Forensic acquisition of AWS instance
Step 1 โ€“ creating EC2 volume snapshots
Step 2 โ€“ acquiring OS memory images
Step 3 โ€“ creating a forensic collector instance
Step 4 โ€“ creating and attaching infected volume from snapshots
Step 5 โ€“ exporting collected images to AWS S3 for offline processing
Forensic acquisition of Microsoft Azure Instances
Step 1 โ€“ creating an Azure VM Snapshot
Step 2 โ€“ exporting an Azure VM snapshot directly
Step 3 โ€“ connecting to an Azure VM for memory imaging
Forensic acquisition of GCP instances
Step 1 โ€“ creating a snapshot of the compute engine instance
Step 2 โ€“ attaching a snapshot disk for forensic acquisition
Step 3 โ€“ connecting to the GCP compute engine instance for memory acquisition
Summary
Further reading
Chapter 11: Analyzing Compromised Containers
What are containers?
Docker versus Kubernetes
Types of containers and their use cases
Detecting and analyzing compromised containers
About the Kubernetes orchestration platform
Acquiring forensic data and container logs for analysis
Summary
Further reading
Chapter 12: Analyzing Compromised Cloud Productivity Suites
Business email compromise explained
BEC attack phases
Common types of BECs
Initial scoping and response
Remediation steps
Microsoft 365 incident response
Tooling
Analysis
Google Workspace incident response
Tooling
Analysis
Summary
Further reading
Index
Other Books You May Enjoy

๐Ÿ“œ SIMILAR VOLUMES

Cloud Forensics Demystified: Decoding cl
๐Ÿ“ Cloud Forensics Demystified: Decoding cloud investigation complexities for digital forensic professionals
โœ Ganesh Ramakrishnan, Mansoor Haqanee ๐Ÿ“‚ Library ๐Ÿ“… 2024 ๐Ÿ› Packt Publishing ๐ŸŒ English

<p><span>Enhance your skills as a cloud investigator to adeptly respond to cloud incidents by combining traditional forensic techniques with innovative approaches</span></p><p><span><br></span></p><p><span>Key Features: </span></p><ul><li><span><span>Uncover the steps involved in cloud forensic inve

Cloud Forensics Demystified: Decoding cl
๐Ÿ“ Cloud Forensics Demystified: Decoding cloud investigation complexities for digital forensic professionals
โœ Ganesh Ramakrishnan, Mansoor Haqanee ๐Ÿ“‚ Library ๐Ÿ“… 2024 ๐Ÿ› Packt Publishing ๐ŸŒ English

<p><span>Enhance your skills as a cloud investigator to adeptly respond to cloud incidents by combining traditional forensic techniques with innovative approaches</span></p><p><span><br></span></p><p><span>Key Features: </span></p><ul><li><span><span>Uncover the steps involved in cloud forensic inve

Cloud Forensics Demystified: Decoding cl
๐Ÿ“ Cloud Forensics Demystified: Decoding cloud investigation complexities for digital forensic professionals
โœ Ganesh Ramakrishnan, Mansoor Haqanee ๐Ÿ“‚ Library ๐Ÿ“… 2024 ๐Ÿ› Packt Publishing ๐ŸŒ English

<p><span>Enhance your skills as a cloud investigator to adeptly respond to cloud incidents by combining traditional forensic techniques with innovative approaches</span></p><p><span><br></span></p><p><span>Key Features: </span></p><ul><li><span><span>Uncover the steps involved in cloud forensic inve

Contemporary Digital Forensic Investigat
๐Ÿ“ Contemporary Digital Forensic Investigations of Cloud and Mobile Applications
โœ Kim-Kwang Raymond Choo and Ali Dehghantanha (Eds.) ๐Ÿ“‚ Library ๐Ÿ“… 2016 ๐Ÿ› Syngress ๐ŸŒ English

</header><div itemprop="description" class="collapsable text"><P><EM>Contemporary Digital Forensic Investigations of Cloud and Mobile Applications</EM> comprehensively discusses the implications of cloud (storage) services and mobile applications on digital forensic investigations. The book provides