performing-cloud-forensics-investigation
Installation
SKILL.md
Performing Cloud Forensics Investigation
When to Use
- When investigating a security breach in AWS, Azure, or GCP cloud environments
- For collecting volatile and non-volatile evidence from cloud infrastructure
- When tracing unauthorized access through cloud service API logs
- During incident response requiring preservation of cloud-based evidence
- For analyzing compromised virtual machines, containers, or serverless functions
Prerequisites
- Administrative access to the cloud account under investigation
- AWS CLI, Azure CLI, or gcloud CLI configured with appropriate permissions
- Understanding of cloud-native logging (CloudTrail, Activity Log, Audit Log)
- Forensic workstation with cloud SDKs installed
- Knowledge of IAM, networking, and compute services in target cloud
- Evidence preservation procedures for cloud environments