Following the Cloud IR course, practitioners can take Critical Knowledge: Incident Response for further training.
Domain 1: Incident Response in the Cloud
This domain covers an overview of the incident response process and the roles and responsibilities of the IR team in a cloud environment.
- Incident response overview
- Roles and responsibilities
Domain 2: Forensics in AWS
This domain covers the processes and techniques used when conducting forensics on the AWS platform. We also cover how evidence is collected and how containers and databases affect security.
- AWS forensics VMs
- Evidence collection
Domain 3: Forensics in Azure
This domain covers the processes and techniques used when conducting forensics on the Azure platform. We cover imaging techniques and Azure tools that help facilitate IR investigations.
- Cloud imaging
- Azure IR investigations
- Azure tools
Domain 4: ELK Stack in IR
This domain covers an overview of the ELK Stack, the projects that comprise it, and demos of the ELK Stack in use.
- ELK Stack overview
- ELK Stack demos