EP158 Ghostbusters for the Cloud: Who You Gonna Call for Cloud Forensics

Guest:

• Jason Solomon, Security Engineer, Google

Topics:

• Could you share a bit about when you get pulled into incidents and what are your goals when you are?

• How does that change in the cloud? How do you establish a chain of custody and prove it for law enforcement, if needed?

• What tooling do you rely on for cloud forensics and is that tooling available to "normal people"? 

• How do we at Google know when it’s time to call for help, and how should our customers know that it’s time? 

• Can I quote Ray Parker Jr and ask, who you gonna call?

• What’s your advice to a security leader on how to “prepare for the inevitable” in this context? 

• Cloud forensics - is it easier or harder than the 1990s classic forensics?

 Resource:

• EP157 Decoding CDR & CIRA: What Happens When SecOps Meets Cloud

• EP98 How to Cloud IR or Why Attackers Become Cloud Native Faster?

• EP103 Security Incident Response and Public Cloud - Exploring with Mandiant

• Google SRE Workbook (Ch 9)

• GRR

• Cloud Logging

• LibCloudForensics, Turbinia, Timesketch tools