Home Specialist skills Security FOR509: Enterprise Cloud Forensics and Incident Response

FOR509: Enterprise Cloud Forensics and Incident Response

Understand forensic data only available in the cloud
Implement best practices in cloud logging for Digital Forensics and Incident Response (DFIR)
Learn how to leverage Microsoft Azure, AWS and Google Cloud Platform resources to gather evidence
Understand what logs Microsoft 365 and Google Workspace have available for analysts to review
Learn how to move your forensic processes to the cloud for faster data processing

Overview

Off the shelf (OTS)

The world is changing and so is the data we need to conduct our investigations. Cloud platforms change how data is stored and accessed. They remove the examiner's ability to directly access systems and use classical data extraction methods. Unfortunately, many examiners are still trying to force old methods for on-premise examination onto cloud-hosted platforms.

Rather than resisting change, examiners must learn to embrace the new opportunities presented to them in the form of new evidence sources. FOR509: Enterprise Cloud Forensics and Incident Response addresses today's need to bring examiners up to speed with the rapidly changing world of enterprise cloud environments by uncovering the new evidence sources that only exist in the Cloud.