cloud-forensics

Cloud Forensics

Comprehensive cloud forensics skill for investigating incidents in cloud platform environments. Enables analysis of cloud audit logs, resource configurations, data access patterns, and identity activities across AWS, Azure, GCP, and Microsoft 365 environments.

Capabilities

  • AWS Forensics: Analyze CloudTrail, VPC Flow Logs, S3 access, IAM activity
  • Azure Forensics: Analyze Azure Activity Logs, Sign-in logs, resource changes
  • GCP Forensics: Analyze Cloud Audit Logs, VPC Flow Logs, IAM activity
  • M365 Forensics: Analyze Unified Audit Log, mailbox audit, SharePoint activity
  • Identity Analysis: Track user activities, permission changes, suspicious access
  • Resource Inventory: Document cloud resources and configurations
  • Data Access Analysis: Track access to cloud storage and databases
  • Timeline Generation: Create a timeline of cloud activity
  • Evidence Preservation: Snapshot and preserve cloud evidence
  • Configuration Analysis: Detect misconfigurations and security gaps

Quick Start

Installs
12
GitHub Stars
4
First Seen
Feb 10, 2026