April 8, 2018
Episode 26 – DFIR in the Cloud with Jonathon Poling
Jonathon Poling (@JPoForenso) comes back to talk about #DFIR in the #cloud: what's easier, what's harder, and what's different. A must for anyone on a #blueteam.

From the crowd to the cloud, we shift focus this episode to a topic that may be holding back some infosec professionals from embracing the cloud: namely, what to do when you're attacked. Digital Forensics and Incident Response (DFIR) is a topic we've covered in the past, but that was from a more traditional view. I'm fortunate enough to have Jonathon Poling (@JPoForenso) join me again to revisit DFIR, but this time from a cloud perspective. What's easier, what's harder, and what's different? Have a listen to find out!
Some links of interest:
- Margarita Shotgun
- AWS to Azure Mapping
- AWS to GCP Mapping
- Azure to GCP Mapping
- Duo Labs GitHub
- StreamAlert
- Netflix GitHub
- NCC Group
- Ponder The Bits - https://ponderthebits.com/
- @JPoForenso
Want to reach out to the show? There are a few ways to get in touch!
- Show's Twitter: @PurpleSquadSec
- John's Twitter: @JohnsNotHere
- Podcast Website: purplesquadsec.com
- Sign-Up for our Slack community: https://signup.purplesquadsec.com
- John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic
Thanks for listening, and as always, I will talk with you all again next time.
Find out more at http://purplesquadsec.com