Cloud Incident Response & Forensics: Intermediate Lab

Developed with
QA

Lab Steps

lock
Logging into the Microsoft Azure Portal
lock
Connecting to the Attack Victim Machine Using RDP
lock
Part 1: Linux Log Analysis
lock
Part 2: Docker Log Analysis
lock
Part 3: Forensic Analysis Report

Ready for the real environment experience?

DifficultyIntermediate
Time Limit1h 10m
Students57
Ratings
5/5
starstarstarstarstar

Description

This lab is the third in a series of three labs where you will be performing forensic analysis in a cloud environment that has fallen victim to an attack. Each lab in the series is in increasing level of difficulty:

  1. Cloud Incident Response & Forensics: Introductory Lab
  2. Cloud Incident Response & Forensics: Foundation Lab
  3. Cloud Incident Response & Forensics: Intermediate Lab

In this lab, the final in the series, you will figure out what the attacker did in the host machine and generate a report which breaks down what happened. Specifically, you will perform further Linux log analysis which will finalise your development of this skill as introduced in the previous two labs. You will then perform Docker Log analysis, which will introduce you to this complex cloud-specific analysis technique. You will then be guided through writing an Analysis Report, bringing together all of your findings and giving you the skills to perform complex analysis.

Learning Objectives

Upon completion of this lab you will be able to:

  • Determine what the attacker did on the host machine once they broke out of the container
  • Write analysis reports to detail findings from forensic analysis

Intended Audience

This lab is intended for:

  • Cybersecurity practitioners
  • Individuals interested in container, web, and Linux security

Prerequisites

You should be familiar with:

About the Author

Tiarnan is a CyberFirst bursary student, working with QA as a cyber security researcher, who joined QA after successfully completing a summer placement. He is  currently studying for his computer science degree at Nottingham University.