Forensics & IR
Cloud Forensics
Also known as: Cloud incident forensics, SaaS forensics
Definition
Forensic investigation of cloud-hosted infrastructure, applications, and SaaS services, working with provider APIs, audit logs, and ephemeral resources.
Examples
- Tracing an AWS account compromise through CloudTrail to a stolen IAM access key.
- Snapshotting an Azure VM disk and live-acquiring its memory via Run Command for analysis.
Related terms
Digital Forensics
The scientific discipline of identifying, preserving, analysing, and reporting on digital evidence from computers, networks, and devices in a legally defensible way.
DFIR (Digital Forensics and Incident Response)
A combined discipline that fuses digital forensic investigation with incident response to detect, contain, eradicate, and learn from cyber incidents.
Log Analysis
Cloud Security
The set of policies, controls, and technologies that protect data, applications, and infrastructure hosted in public, private, or hybrid cloud environments.
Evidence Acquisition
Chain of Custody
The chronological, documented trail showing every person, location, and action affecting a piece of evidence from seizure through final disposition.