Cloud Security Podcast by Google

EP158 Ghostbusters for the Cloud: Who You Gonna Call for Cloud Forensics

Feb 5, 2024

Jason Solomon, Security Engineer at Google, discusses the challenges of cloud forensics, including establishing a chain of custody and knowing when to call for help. He shares advice for security leaders on how to prepare for incidents and highlights recommended reading for cloud forensics.

21:33

Creator website

Episode guests

Jason Solomon

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Cloud forensics in the cloud requires knowledge of Linux forensics and scaling systems like Kubernetes.

Preparation, including setting up a response plan and leveraging cloud audit logs, is key to effective incident response in the cloud.

Deep dives

Importance of Cloud Forensics

Cloud forensics presents unique challenges compared to traditional computer forensics, but the principles remain the same. Acquiring data in the cloud is typically done through telemetry and targeted artifact acquisition. Cloud logging plays a crucial role in investigations, providing valuable information for analysis. While forensics skills are still essential, knowledge of Linux forensics and scaling systems like Kubernetes is necessary to navigate cloud environments.

Introduction

3min

Cloud Forensics: Challenges and Tools

9min

Who to Call for Help in Incident Management and Forensics

2min

Preparing for Incidents: Advice for Security Directors

5min

Recommended Reading and Tips for Cloud Forensics

2min

Guest:

Jason Solomon, Security Engineer, Google

Topics:

Could you share a bit about when you get pulled into incidents and what are your goals when you are?
How does that change in the cloud? How do you establish a chain of custody and prove it for law enforcement, if needed?
What tooling do you rely on for cloud forensics and is that tooling available to "normal people"?
How do we at Google know when it’s time to call for help, and how should our customers know that it’s time?
Can I quote Ray Parker Jr and ask, who you gonna call?
What’s your advice to a security leader on how to “prepare for the inevitable” in this context?
Cloud forensics - is it easier or harder than the 1990s classic forensics?

Resource:

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Cloud Security Podcast by Google

EP158 Ghostbusters for the Cloud: Who You Gonna Call for Cloud Forensics

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Importance of Cloud Forensics

Preparing for Incidents in the Cloud

Recommended Resources and Tips

Remember Everything You Learn from Podcasts