Doing DFIR in the Cloud can be a bit foggy, even when it comes to the most basic tasks like making disk copies or obtaining logs. This talk will introduce libcloudforensics, our modest attempt at a ray of sunshine. Its aim is to reduce the friction between forensics practitioners and the different cloud environments they need to investigate. We’ll show what the library is capable of, have a run through its architecture, and talk about the challenges we faced when dealing with different Cloud providers.
Thomas Chopitea (Google)
Thomas Chopitea is a forensics investigator and engineer at Google (he used to do work at the CERT of a big financial institution, but he’s fine now). When he’s not writing code and hunting down bad guys, he enjoys poking malware with a long stick and reading up on threat intelligence processes. His long-term professional goal is to automate himself out of a job.
Theo Giovanna (Google)
Theo is an intern with the DFIR team at Google, where he focuses on developing tools to help with cloud forensics. Prior to joining Google, he interned at Deloitte, where he was part of the application security team, assisting with penetration testing services for the financial industry. He earned a bachelor’s degree in computer science from the University of Geneva, and is currently pursuing a master’s degree focusing on information security at ETH Zürich.