From SANS Cloud Security
The world is changing and so is the data we need to conduct our investigations. New platforms change how data is stored and accessed. They remove the examiner’s ability to put their hands directly on the data. Many examiners are trying to force old methods for on-premises examination onto cloud-hosted platforms. Rather than resisting change, examiners must learn to embrace the new opportunities presented to them in the form of new evidence sources.
Listen in to co-authors David Cowen and Pierre Lidome discuss how to Find the Storm in the Cloud with their new course, SANS FOR509: Enterprise Cloud Forensics and Incident Response. The course will help you:
- Understand forensic data only available in the cloud
- Implement best practices in cloud logging for DFIR
- Properly handle rapid triage in cloud environments
- Learn how to leverage Microsoft Azure, AWS and Google Workspace resources to gather evidence
- Understand what Microsoft 365 has available for analysts to review
- Learn how to move your forensic process to the cloud for fast processing where the data lives
Learn more at www.sans.org/for509