Partly Cloudy with a Bunch of DFIR
A Report from SANS and Uptycs
Cloud Computing: Everybody's Doing It.
Cloud computing is an attractive alternative for many organizations because it offers a resilient, responsive approach to traditional computing environments.
However... Traditional detection and response methods were NOT developed for cloud-based incidents. This is apparent at every step of the process, from collection to analysis, and the level of difficulty increases in multicloud environments.
This paper explores the major cloud providers, models and deployments, reported attacks on the cloud, the challenges and processes surrounding the collection, preservation, and analysis of cloud data, and some best practices moving forward.