MODULE 17
Cloud Forensics (AWS/Azure)
Investigating cloud logs (CloudTrail) and compromised instances.
AWS CloudTrail
CloudTrail logs all API calls made in your AWS account.
{
  "eventName": "RunInstances",
  "sourceIPAddress": "203.0.113.5",
  "userIdentity": {...}
}
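As an added example (not part of the course material), the Python below triages records shaped like the one above: it lists RunInstances calls whose sourceIPAddress lies outside known ranges and keeps failed attempts visible through errorCode. The records, the 198.51.100.0/24 "known" range and the function names are constructed for illustration.

```python
import ipaddress
import json

KNOWN_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]  # assumed corporate egress range

# Constructed CloudTrail log file ({"Records": [...]}); every value is sample data.
DEV = {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/example-dev"}
SVC = {"type": "AWSService", "invokedBy": "autoscaling.amazonaws.com"}
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-01T09:30:00Z", "eventName": "RunInstances",
     "sourceIPAddress": "198.51.100.20", "userIdentity": DEV},
    {"eventTime": "2024-01-01T09:31:00Z", "eventName": "RunInstances",
     "sourceIPAddress": "autoscaling.amazonaws.com", "userIdentity": SVC},
    {"eventTime": "2024-01-01T02:15:10Z", "eventName": "RunInstances",
     "sourceIPAddress": "203.0.113.5", "userIdentity": DEV,
     "errorCode": "Client.UnauthorizedOperation"},
    {"eventTime": "2024-01-01T02:16:00Z", "eventName": "DescribeInstances",
     "sourceIPAddress": "203.0.113.5", "userIdentity": DEV},
    {"eventTime": "2024-01-01T02:14:07Z", "eventName": "RunInstances",
     "sourceIPAddress": "203.0.113.5", "userIdentity": DEV},
]})


def classify_source(source):
    """Return 'non-ip', 'known' or 'unknown' for a sourceIPAddress value."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        # Calls made on your behalf by an AWS service carry a DNS name here.
        return "non-ip"
    return "known" if any(addr in net for net in KNOWN_NETWORKS) else "unknown"


def triage_run_instances(log_text):
    """List RunInstances calls from outside the known ranges, oldest first."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventName") != "RunInstances":
            continue
        if classify_source(rec.get("sourceIPAddress", "")) != "unknown":
            continue
        identity = rec.get("userIdentity", {})
        findings.append({
            "time": rec.get("eventTime"),
            "source": rec["sourceIPAddress"],
            "principal": identity.get("arn") or identity.get("type"),
            "outcome": rec.get("errorCode", "success"),
        })
    return sorted(findings, key=lambda f: f["time"])
```

Records with a non-IP source are skipped here rather than trusted; in an investigation they are reviewed separately through userIdentity.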