DFIR Blog
  • Infosec
    • Blog
    • Threat Landscape
  • Digital Forensics
    • Windows Forensics
    • Mac Forensics
    • Memory Forensics
    • Forensic Resources
  • Incident Response
  • CISSP
    • Domain-1
    • Domain-2
    • Domain-3
    • Domain-4
    • Domain-5
    • Domain-6
    • Domain-7
    • Domain-8
  • Contact
  • HTB
  • Productivity

Incident Response Forensics

What you should do when EC2 is hacked?

4/16/2019

 

  1. Stop the instance immediately.
  2. Take a snapshot of the EBS Volume.
  3. Deploy the instance in to an isolated environment.
  4. Isolate VPC, ensure no internet access.
  5. Access the instance using a Forensic Instance.
  6. Review the logs for the next steps.
  7. Perform the forensic analysis.

Comments are closed.

    Archives

    April 2020
    September 2019
    August 2019
    July 2019
    June 2019
    April 2019
    February 2019
    March 2018

    Categories

    All
    Aws
    Cloud
    Dfir
    Incident Response
    Linux
    Recon

    RSS Feed

  • Infosec
    • Blog
    • Threat Landscape
  • Digital Forensics
    • Windows Forensics
    • Mac Forensics
    • Memory Forensics
    • Forensic Resources
  • Incident Response
  • CISSP
    • Domain-1
    • Domain-2
    • Domain-3
    • Domain-4
    • Domain-5
    • Domain-6
    • Domain-7
    • Domain-8
  • Contact
  • HTB
  • Productivity