Cloud Evidence Acquisition

Phil Hagen edited this page Jan 31, 2025 · 2 revisions

This page links to instructions for acquiring evidence from the various supported cloud providers. Unfortunately, these providers often offer multiple methods for acquiring their log evidence, and those methods often do not yield the same results. In some cases the results are similar, but in others they differ vastly. Some acquisition methods simply do not provide sufficient detail to be considered forensically usable.

These pages are not intended to imply any of the documented methods are "correct" or that any acquisition method not documented is "wrong." However, they do document how to acquire logs that SOF-ELK parsers support.