SANS Community Nights are a great way to stay in touch with your local InfoSec community and to hear the latest in technical wizardry, industry intelligence, and thought leadership from our amazing presenters. Join us at the Grace Hotel for our next Community Event in Australia!
View the agenda below:
Registration, drinks and canapes
6:00pm - 7:00pm
DFIR Evidence Collection and Preservation for the Cloud
Josh Lemon, SANS Certified Instructor
Thank you for your interest in our community nights. This event is at capacity – please send an email to firstname.lastname@example.org to confirm if spots are available. Alternatively, you can go on our waitlist.
The assumption that a change in where or how data is stored always seems to lead to the false belief that forensics is dead. With the cloud, digital forensics is given new capabilities and depth that do not exist in the on-premise world. However, this is only useful if you know how to correctly configure and set up evidence preservation for your cloud environments.
One of the most significant challenges with cloud environments today is that evidence retention works on a continuous sliding time window. This could mean your evidence is slowly ageing out of existence, if you don't know where to collect it immediately, or that your evidence may never have been generated if you have not already configured your cloud platform correctly.
This presentation will take attendees through a quickfire set-up of how best to configure their; Azure, Amazon Web Services, Google Cloud Platform, Microsoft 365, or Google Workspace platforms, to ensure they have the best possible chance of maintaining evidence for digital forensics and incident response investigations. The techniques shown during this session are derived from the SANS FOR509: Enterprise Cloud Forensics and Incident Response course.