Forensic

Cloud Forensics in AWS Junior - 3 days

Description

Amazon Web Services (AWS) is the platform of choice for countless companies, making its services prime targets for attackers. Core components like EC2 instances, S3 buckets, and RDS databases are constantly under threat. The cornerstone of securing these infrastructures is Identity and Access Management (IAM), which governs all permissions and authentication. Most incident scenarios in AWS leverage cloud-native methods that are fundamentally different from those in on-premise systems.

Facing these threats, digital forensics must evolve. The analysis of distributed logs from services like CloudTrail and CloudWatch, event correlation via the AWS API, and a deep understanding of the AWS ecosystem are must-haves.

  • 3 days (21 hours)

  • AWS concepts, products and caveats

  • Review of the most popular attacks and investigation procedures

Audience and prerequisites

This training is suitable for individuals who have encountered security incidents before and are concerned about cloud incidents. Technical skills are required in order to understand cloud attacks and connect to a CLI console (Linux shell).

Prior understanding and use of Linux scripting is a plus.

Content

Day 1

Understanding cloud forensics. Key differences from traditional forensics. Set up an investigation environment. Essential tools and scripts to use. What is AWS? Explanation of the main core services. Focus on IAM. Understanding the CloudTrail / CloudWatch logging system.

Day 2

More on AWS logs. Investigate compromised EC2 instances. Amazon AMI. S3. Common attacks and corresponding logs. GuardDuty. Network logs and VPC.

Day 3

Extension of day 2. IR playbook. Investigate large volumes and create a timeline. Amazon Athena. Help the analyst with third-party tools.