Want cloud-based forensics with less turmoil? Here are the top tech tips you will want to know.
March 27, 2020
Sometimes you don’t know what you don’t know until you get your hands dirty.
When I took responsibility for producing an automated cloud solution, my first step was mapping my skills to available toolsets. Unfortunately, few of those tools were mature, which meant I had to create an initial build roadmap with incomplete knowledge of how to best perform forensics in the cloud … and then rewrite portions of code to fill in previous unknowns.
Today, I’m hoping to save you some time and effort by sharing lessons learned.
Depending on the engagement, my team — the people from Accenture’s Security, Cyber Investigation and Forensics Response (CIFR) — traditionally works in three digital forensics ‘zones.’ We either 1) use a client’s infrastructure and tools, 2) copy data to an off-domain incident response (IR) workstation or 3) copy data to an IR team’s physical lab.
Lately, though, we’ve increasingly been performing forensics in the cloud, which provides many advantages. But as I found out, it also takes considerable forethought.
For teams new to forensics in the cloud, keep the following in mind.
How does the data’s location affect formally commencing an investigation?
Data sources can exist anywhere — the client’s physical location, its cloud provider, or even on portable media — with each posing varying levels of retrieval difficulty. For an IR consultant who is onsite with the client, it may be as easy as, “I’m local to my data.” But many consultant teams can be offsite and scattered globally. What’s important is that no matter their location, all consultants need access to the same data. Therefore, consider the following questions:
What are the new deployment requirements?
There are several things to keep in mind here that involve both technical and non-technical staff.
Cloud or not, resource management is important. Consider what your current IT solutions can address. For example, are you:
Cloud deployments can answer all these questions, but those answers are not turnkey.
For more information, please contact a member of our CIFR team 24/7/365 by phone 888-RISK-411 or email CIFR.firstname.lastname@example.org.
Copyright © 2020 Accenture. All rights reserved. Accenture and its logo are trademarks of Accenture.
The third of this three-part blog series about how to implement and get the most from cloud-based cybersecurity forensics