This lab is the second in a series of three labs in which you will perform forensic analysis in a cloud environment that has fallen victim to an attack. The labs in the series increase in difficulty:
In this lab, you will perform further incident response and forensic analysis to determine what the attacker did within the container. You will build on the log analysis skills developed in the first lab. You will then conduct more research on the specific tools used by the attacker, further developing your information gathering skills. Finally, you will perform some interim analysis to consolidate your understanding of what has transpired, in preparation for the final lab.
Upon completion of this lab you will be able to:
This lab is intended for:
You should be familiar with:
Tiarnan is a CyberFirst bursary student, working with QA as a cyber security researcher, who joined QA after successfully completing a summer placement. He is currently studying for his computer science degree at Nottingham University.