THE DFIR BLOG
Menu

Incident Response Forensics

What you should do when EC2 is hacked?

4/16/2019

 

  1. Stop the instance immediately.
  2. Take a snapshot of the EBS Volume.
  3. Deploy the instance in to an isolated environment.
  4. Isolate VPC, ensure no internet access.
  5. Access the instance using a Forensic Instance.
  6. Review the logs for the next steps.
  7. Perform the forensic analysis.

Comments are closed.

    Archives

    April 2020
    September 2019
    August 2019
    July 2019
    June 2019
    April 2019
    February 2019
    March 2018

    Categories

    All
    Aws
    Cloud
    Dfir
    Incident Response
    Linux
    Recon

    RSS Feed

  • Infosec
  • Mac Forensics
  • Windows Forensics
  • Linux Forensics
  • Memory Forensics
  • Incident Response
  • Blog
  • About Me
  • Infosec
  • Mac Forensics
  • Windows Forensics
  • Linux Forensics
  • Memory Forensics
  • Incident Response
  • Blog
  • About Me