cloud forensic


afsfr
Member
 

cloud forensic

Post Posted: Nov 08, 19 01:35

I am going to do an internal cloud forensic investigation. Is there any software tool or package we can use for cloud forensic evidence and artifact collection? Any tips comparing Windows/Linux forensics? We are using AWS; 80% of application and infra is hosted in the cloud.
 
  

OxygenForensics
Senior Member
 

Re: cloud forensic

Post Posted: Nov 08, 19 08:16

It depends on what cloud data exactly you are going to extract. You can have a look at our Oxygen Forensic Cloud Extractor that supports a great variety of cloud services and storages.  
 
  

benfindlay
Senior Member
 

Re: cloud forensic

Post Posted: Nov 09, 19 09:07

- afsfr
I am going to do an internal cloud forensic investigation. Is there any software tool or package we can use for cloud forensic evidence and artifact collection? Any tips comparing Windows/Linux forensics? We are using AWS; 80% of application and infra is hosted in the cloud.


An “internal cloud” ... something like https://localstack.cloud by any chance?

Putting aside the precise implementation, if the cloud is indeed internal, then surely it’s somewhere on a machine inside your network to which you therefore have physical access?

It may be old school, but is there a reason you’re not doing a full physical image of the drives and are instead looking at cloud-based extraction? It may take more storage to image the entire storage, but you’re more likely that way to be able to recover deleted data etc.

Then again, the size of the cloud may prohibit this, but a selective capture from the physical device would be suitable in that situation I expect?

Ben
_________________
Ben Findlay. BSc (Hons) MSc PgCLTHE FHEA MBCS MCSFS MIScT MCIIS
Course Leader BSc Computer and Digital Forensics
Teesside University 
 
  

sovietpecker
Member
 

Re: cloud forensic

Post Posted: Nov 10, 19 21:41

I side with Ben on first of all determining if a full physical imaging is possible. Next, what exactly are you looking at? Is there a particular set of data that is of interest? Oxygen and Cellebrite both have Cloud solutions that allow cloud extraction, but I think you would have to go user by user. In fact, I think that applies to most cloud extraction tools out there. I mean you can run the same tasks for multiple users but ultimately that's how it would work, user by user.

I think Belkasoft had some cloud extraction capability inbuilt in its Forensic Suite. See if you can reach out to them for more info.

Ultimately, as long as you have administrator access rights with respect to the cloud in question, you should be able to extract user data and the necessary logs.

If you feel comfortable sharing more about what type of examination you are trying to carry out, I'm sure we would be able to provide a better tailored response.

Wish you all the best.

Grenolph  