A Practical View of Cloud Log Analysis | HiSEC Information Security Laboratory
Cloud log analysis reconstructs activity flow by reviewing accounts, permissions, API calls, access locations, and service events together.
Analysis Viewpoints
Authentication success and failure, permission changes, API calls, data access, and download events are correlated chronologically.
User accounts and service accounts must be distinguished, as should legitimate automation and abnormal activity.
Forensic Issues
Retention periods, time zones, source-specific fields, and collection permissions affect analysis results.
Cloud evidence becomes more reliable when interpreted together with endpoint, network, and account activity traces.
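The following Python is an added example, not part of the original brief: it merges two constructed log sources that use different field names and time representations into one UTC timeline, keeps user and service accounts apart, and reports a permission change followed by data access by the same user. All field names, action names, sample records, and the 10-minute window are assumptions made for illustration.

```python
from datetime import datetime, timezone, timedelta

# Constructed sample records. Field and action names are hypothetical,
# not any provider's schema.
IDP_LOG = [  # identity source: ISO 8601 local time with a +09:00 offset
    {"ts": "2024-05-01T09:58:40+09:00", "user": "alice", "result": "FAILURE"},
    {"ts": "2024-05-01T10:00:05+09:00", "user": "alice", "result": "SUCCESS"},
]
API_LOG = [  # API audit source: epoch seconds (UTC), not in time order
    {"epoch": 1714525500, "principal": "alice", "kind": "user", "action": "policy.attach"},
    {"epoch": 1714525320, "principal": "svc-backup", "kind": "service", "action": "object.get"},
    {"epoch": 1714525620, "principal": "alice", "kind": "user", "action": "object.get"},
]
CATEGORY = {"policy.attach": "permission_change", "object.get": "data_access"}

def normalize():
    """Map both sources onto one schema with timezone-aware UTC timestamps."""
    events = []
    for r in IDP_LOG:  # assumption: this source only records interactive users
        t = datetime.fromisoformat(r["ts"]).astimezone(timezone.utc)
        events.append({"time": t, "principal": r["user"], "kind": "user",
                       "category": "auth_" + r["result"].lower(), "source": "idp"})
    for r in API_LOG:
        t = datetime.fromtimestamp(r["epoch"], tz=timezone.utc)
        events.append({"time": t, "principal": r["principal"], "kind": r["kind"],
                       "category": CATEGORY.get(r["action"], "other"), "source": "api"})
    return sorted(events, key=lambda e: e["time"])

def change_then_access(timeline, window=timedelta(minutes=10)):
    """User principals whose data access follows their own permission change."""
    hits, last_change = [], {}
    for e in timeline:
        if e["kind"] != "user":
            continue  # service accounts are reviewed against their own baseline
        if e["category"] == "permission_change":
            last_change[e["principal"]] = e["time"]
        elif e["category"] == "data_access":
            changed = last_change.get(e["principal"])
            if changed and e["time"] - changed <= window:
                hits.append((e["principal"], changed.isoformat(), e["time"].isoformat()))
    return hits

if __name__ == "__main__":
    timeline = normalize()
    for e in timeline:
        print(e["time"].isoformat(), e["source"], e["kind"], e["principal"], e["category"])
    print(change_then_access(timeline))
```

Sorting only after both sources are converted to UTC is what places the +09:00 sign-in events ahead of the API calls they precede.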
Category
Technology Brief
Topics
Cloud Forensics, Log Analysis, API Activity