Episode 26 – DFIR in the Cloud with Jonathon Poling

From the crowd to the cloud, we shift focus this episode to a topic that may be holding back some infosec professionals from embracing the cloud - namely what to do when you're attacked?  Digital Forensics and Incident Response (DFIR) is a topic we've covered in the past, but that was from a more traditional view.  I'm fortunate enough to have Jonathon Poling (@JPoForenso) join me again to revisit DFIR, but this time from a cloud perspective.  What's easier, what's harder, and what's different?  Have a listen to find out! Some links of interest:

• Margarita Shotgun

• AWS to Azure Mapping

• AWS to GCP Mapping

• Azure to GCP Mapping

• Duo Labs GitHub

• StreamAlert

• Netflix GitHub

  • RepoKid

• NCC Group

  • Scout2

• Ponder The Bits - https://ponderthebits.com/

• @JPoForenso

Want to reach out to the show?  There's a few ways to get in touch!

• Show's Twitter: @PurpleSquadSec

• John's Twitter: @JohnsNotHere

• Podcast Website: purplesquadsec.com

• Sign-Up for our Slack community: https://signup.purplesquadsec.com

• John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com