Forensics Chapter 7 - Cloud Forensics

1. Two Approaches to Cloud Forensics

  1. Computer forensics in the cloud

    • Take a snapshot of the VMs
    • Prepare a VM as a forensics workstation
    • Attach the VM snapshot as read-only
    • Perform computer forensics
  2. Forensics in a cloud environment

    1. Establish an asset inventory
    2. Deploy and integrate a SIEM (Security Information and Event Management)
    3. Keep logging and send logs to the SIEM
    4. Define and apply a secure environment for the logging and SIEM infrastructure
    5. Set up preset credentials to access your VMs in the cloud
    6. Build up skills and capabilities
    7. Continuous improvement
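
The "keep logging and send logs to the SIEM" step, as an added example that is not part of the original notes: it normalises sshd authentication lines from a cloud VM into ECS-style documents and builds the NDJSON body for Elasticsearch's `_bulk` API. The sample lines, the index name `forensics-auth-demo` and the choice of fields are assumptions made for illustration.

```python
import json
import re

# Constructed sample lines (ISO-timestamped syslog style) from a cloud VM.
SAMPLE_LINES = [
    "2024-05-01T10:15:02+00:00 web-01 sshd[1234]: Failed password for root from 203.0.113.7 port 51514 ssh2",
    "2024-05-01T10:15:09+00:00 web-01 sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51520 ssh2",
    "2024-05-01T10:16:30+00:00 web-01 sshd[1301]: Accepted publickey for deploy from 198.51.100.4 port 40022 ssh2",
    "2024-05-01T10:17:00+00:00 web-01 CRON[1400]: (root) CMD (run-parts /etc/cron.hourly)",
]

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\S+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)

def to_ecs(line):
    """Map one sshd auth line to an ECS-style document, or None if it is not one."""
    m = SSHD_RE.match(line)
    if m is None:
        return None
    return {
        "@timestamp": m["ts"],
        "host": {"name": m["host"]},
        "event": {
            "category": ["authentication"],
            "outcome": "success" if m["result"] == "Accepted" else "failure",
            "original": line,  # keep the raw line so the evidence stays reviewable
        },
        "user": {"name": m["user"]},
        "source": {"ip": m["ip"], "port": int(m["port"])},
    }

def build_bulk_body(lines, index="forensics-auth-demo"):
    """Build the NDJSON body for the _bulk API; the index name is hypothetical."""
    out = []
    for line in lines:
        doc = to_ecs(line)
        if doc is not None:  # non-sshd lines are skipped in this narrow example
            out.append(json.dumps({"index": {"_index": index}}))
            out.append(json.dumps(doc))
    return "\n".join(out) + "\n"  # _bulk requires a trailing newline

if __name__ == "__main__":
    print(build_bulk_body(SAMPLE_LINES), end="")
```

The resulting body is what a shipper would POST to the cluster's `_bulk` endpoint with content type `application/x-ndjson`.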

2. SIEM Stack

  1. Paid Version
    Splunk: an expensive cloud forensics platform

  2. Free Version
    Elastic: a free cloud forensics platform

    1. Diagram


    2. Architecture
