Investigating cybersecurity incidents in a cloud environment presents unique challenges that require a specialized forensics discipline situated at the intersection of cloud computing and digital forensics. Cloud forensics requires investigators to work with many types of assets, including virtual and physical servers, traditional and software-defined networks, storage devices, and applications.
Typically, there are three cloud service models (IaaS, PaaS, and SaaS). Cloud environments are further differentiated as private, public, community, and hybrid — each with different levels and types of access available. Evidence-capture capabilities and responsibilities vary based on the model and type, and on the underlying cloud service provider (CSP). Understanding how to navigate this shared responsibility model, and how to capture and analyze evidence that’s admissible in a court of law, is critical when investigating incidents in the cloud.
With our highly technical, full-stack operational background, Rule4 is uniquely skilled to perform cloud forensics.