cloud forensic

(@afsfr)
Posts: 37
Eminent Member
Topic starter
 

I am going to do an internal cloud forensic investigation. Is there any software tool or package we can use for cloud forensic evidence and artifact collection? Any tips comparing Windows/Linux forensics? We are using AWS; 80% of application and infra is hosted in the cloud.

 
Posted : 08/11/2019 1:35 am
OxygenForensics
(@oxygenforensics)
Posts: 143
Estimable Member
 

It depends on what cloud data exactly you are going to extract. You can have a look at our Oxygen Forensic Cloud Extractor that supports a great variety of cloud services and storages.

 
Posted : 08/11/2019 8:16 am
benfindlay
(@benfindlay)
Posts: 142
Estimable Member
 

I am going to do an internal cloud forensic investigation. Is there any software tool or package we can use for cloud forensic evidence and artifact collection? Any tips comparing Windows/Linux forensics? We are using AWS; 80% of application and infra is hosted in the cloud.

An “internal cloud” … something like https://localstack.cloud by any chance?

Putting aside the precise implementation; if the cloud is indeed internal, then surely it’s somewhere on a machine inside your network to which you therefore have physical access?

It may be old school, but is there a reason you’re not doing a full physical image of the drives and are instead looking at cloud based extraction? It may take more storage to image the entire storage, but you’re more likely that way to be able to recover deleted data etc.

Then again, the size of the cloud may prohibit this, but a selective capture from the physical device would be suitable in that situation I expect?

Ben

 
Posted : 09/11/2019 9:07 am
(@d1m4g3r)
Posts: 28
Eminent Member
 

I side with Ben on first of all determining if a full physical imaging is possible. Next, what exactly are you looking at? Is there a particular set of data that is of interest? Oxygen and Cellebrite both have Cloud solutions that allow cloud extraction, but I think you would have to go user by user. In fact, I think that applies to most cloud extraction tools out there. I mean you can run the same tasks for multiple users but ultimately that's how it would work, user by user.

I think Belkasoft had some cloud extraction capability inbuilt in its Forensic Suite. See if you can reach out to them for more info.

Ultimately, as long as you have administrator access rights with respect to the cloud in question, you should be able to extract user data and the necessary logs.

If you feel comfortable sharing more about what type of examination you are trying to carry out, I'm sure we would be able to provide a better tailored response.

Wish you all the best.

Grenolph

 
Posted : 10/11/2019 9:41 pm
(@eugenebelk)
Posts: 16
Active Member
 

I think Belkasoft had some cloud extraction capability inbuilt in its Forensic Suite. See if you can reach out to them for more info.

Sure, feel free to try Belkasoft for free at https://belkasoft.com/get

 
Posted : 19/11/2019 3:28 pm