cloud forensic  

afsfr
(@afsfr)
Junior Member

I am going to do an internal cloud forensic investigation. Is there any software tool or package we can use for cloud forensic evidence and artifact collection? Any tips comparing Windows/Linux forensics? We are using AWS, with 80% of application and infra hosted in the cloud.

Posted : 08/11/2019 1:35 am
OxygenForensics
(@oxygenforensics)
Active Member

It depends on what cloud data exactly you are going to extract. You can have a look at our Oxygen Forensic Cloud Extractor that supports a great variety of cloud services and storages.

Posted : 08/11/2019 8:16 am
benfindlay
(@benfindlay)
Active Member

I am going to do an internal cloud forensic investigation. Is there any software tool or package we can use for cloud forensic evidence and artifact collection? Any tips comparing Windows/Linux forensics? We are using AWS, with 80% of application and infra hosted in the cloud.

An “internal cloud” … something like https://localstack.cloud by any chance?

Putting aside the precise implementation, if the cloud is indeed internal, then surely it’s somewhere on a machine inside your network to which you therefore have physical access?

It may be old school, but is there a reason you’re not doing a full physical image of the drives and are instead looking at cloud-based extraction? It may take more storage to image the entire storage, but you’re more likely that way to be able to recover deleted data etc.

Then again, the size of the cloud may prohibit this, but a selective capture from the physical device would be suitable in that situation I expect?

Ben

Posted : 09/11/2019 9:07 am
sovietpecker
(@sovietpecker)
Junior Member

I side with Ben on first of all determining if full physical imaging is possible. Next, what exactly are you looking at? Is there a particular set of data that is of interest? Oxygen and Cellebrite both have Cloud solutions that allow cloud extraction, but I think you would have to go user by user. In fact, I think that applies to most cloud extraction tools out there. I mean, you can run the same tasks for multiple users, but ultimately that's how it would work, user by user.

I think Belkasoft had some cloud extraction capability inbuilt in its Forensic Suite. See if you can reach out to them for more info.

Ultimately, as long as you have administrator access rights with respect to the cloud in question, you should be able to extract user data and the necessary logs.

If you feel comfortable sharing more about what type of examination you are trying to carry out, I'm sure we would be able to provide a better tailored response.

Wish you all the best.

Grenolph

Posted : 10/11/2019 9:41 pm
EugeneBelk
(@eugenebelk)
New Member

I think Belkasoft had some cloud extraction capability inbuilt in its Forensic Suite. See if you can reach out to them for more info.

Sure, feel free to try Belkasoft for free at https://belkasoft.com/get

Posted : 19/11/2019 3:28 pm