Digital Forensics and Incident Response | DFIR

What should you do when EC2 is hacked?

4/16/2019


  1. Stop the instance immediately.
  2. Take a snapshot of the EBS Volume.
  3. Deploy the instance into an isolated environment.
  4. Isolate VPC, ensure no internet access.
  5. Access the instance using a Forensic Instance.
  6. Review the logs for the next steps.
  7. Perform the forensic analysis.
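
The script below is an added example, not part of the original post: it carries out steps 1, 2 and 5 with the AWS CLI. It assumes the CLI is configured with EC2 permissions and that a forensic instance already exists in an isolated VPC; the function names and the `case` tag key are illustrative.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: steps 1, 2 and 5 with the AWS CLI.
# Assumptions: the CLI is configured with EC2 permissions, and the forensic
# instance already exists in an isolated VPC in the availability zone
# passed as <az>. All IDs are supplied by the caller.

# Steps 1-2: stop the instance, then snapshot every attached EBS volume.
# Prints one snapshot ID per line.
preserve_instance() {   # $1 = compromised instance ID, $2 = case label
  local instance=$1 case_id=$2 vol
  aws ec2 stop-instances --instance-ids "$instance" >/dev/null
  aws ec2 wait instance-stopped --instance-ids "$instance"
  for vol in $(aws ec2 describe-instances --instance-ids "$instance" \
      --query 'Reservations[].Instances[].BlockDeviceMappings[].Ebs.VolumeId' \
      --output text); do
    # Tag each snapshot so the evidence can be tied back to the case.
    aws ec2 create-snapshot --volume-id "$vol" \
      --description "case $case_id: $instance $vol" \
      --tag-specifications "ResourceType=snapshot,Tags=[{Key=case,Value=$case_id}]" \
      --query SnapshotId --output text
  done
}

# Step 5: build a working copy from a snapshot and attach it to the forensic
# instance, leaving the original volume and snapshot untouched.
attach_evidence() {     # $1 = snapshot ID, $2 = forensic instance ID, $3 = AZ, $4 = device
  local snap=$1 forensic=$2 az=$3 device=$4 copy
  aws ec2 wait snapshot-completed --snapshot-ids "$snap"
  copy=$(aws ec2 create-volume --snapshot-id "$snap" --availability-zone "$az" \
      --query VolumeId --output text)
  aws ec2 wait volume-available --volume-ids "$copy"
  aws ec2 attach-volume --volume-id "$copy" --instance-id "$forensic" \
      --device "$device" >/dev/null
  echo "$copy"
}

# Usage: ./preserve.sh <instance-id> <case-label> <forensic-instance-id> <az>
if [ "$#" -eq 4 ]; then
  set -eu
  letter=f   # attach copies as /dev/sdf, /dev/sdg, ...
  for snap in $(preserve_instance "$1" "$2"); do
    attach_evidence "$snap" "$3" "$4" "/dev/sd$letter"
    letter=$(printf %s "$letter" | tr 'f-o' 'g-p')
  done
fi
```

On the forensic instance, mount the attached copy read-only before reviewing the logs.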