Cloud forensics software
- We’ve built a platform to automate incident response and forensics in AWS, Azure and GCP — you can grab a demo here. You can also download a free playbook we’ve written on how to respond to security incidents in the cloud.
- Cado: Cado is a cloud forensics and incident response platform that helps security teams investigate and respond to security incidents in the cloud. Cado automates data collection and analysis, and supports investigations across multiple cloud providers and environments.
- Google Cloud Forensics Utils: Google Cloud Forensics Utils is a collection of open-source tools for investigating and responding to security incidents in Google Cloud Platform (GCP).
- The Sleuth Kit: The Sleuth Kit is a digital forensics toolkit that can be used to investigate a variety of devices, including cloud servers. You can use this to analyse dd images of cloud systems you’ve previously captured.
- Autopsy: Autopsy is a digital forensics platform that can be used to collect, analyze, and present evidence from a variety of sources, including the cloud. You can also use this to analyse dd images of cloud systems you’ve previously captured.
- FTK Imager: FTK Imager is a tool that can be used to create forensic images of disks and other storage devices. If you have access to a cloud system, you can use it to create a live image of that system.
- DEFT: DEFT is a Linux distribution that includes a variety of digital forensics tools.
These are just a few of the many cloud forensics tools available. The best tool for a particular investigation will depend on the specific needs of the investigator.