hands-on lab

Cloud Incident Response & Forensics: Foundation Lab

Difficulty: Beginner
Duration: Up to 1 hour and 10 minutes
Students: 541
Rating: 5/5

Description

This lab is the second in a series of three in which you perform forensic analysis of a cloud environment that has fallen victim to an attack. Each lab in the series is more difficult than the one before it:

  1. Cloud Incident Response & Forensics: Introductory Lab
  2. Cloud Incident Response & Forensics: Foundation Lab
  3. Cloud Incident Response & Forensics: Intermediate Lab

In this lab you continue the incident response and forensic analysis to determine what the attacker did once inside the container, building on the log analysis skills developed in the first lab. You then research the specific tools the attacker used, further developing your information gathering skills. Finally, you perform an interim analysis to consolidate your understanding of what has transpired so far, in preparation for the final lab.

Learning Objectives

Upon completion of this lab you will be able to:

  • Determine what the attacker did once they gained access to the container’s Command Line Interface
  • Use information gathering skills to research specific tools used by the attacker
  • Produce an interim analysis that brings together a picture of the attack so far

Intended Audience

This lab is intended for:

  • Cybersecurity practitioners
  • Individuals interested in container, web, and Linux security

Prerequisites

You should be familiar with:

Covered topics

Lab steps

Logging in to the Microsoft Azure Portal
Connecting to the Attack Victim Machine Using RDP
Part 1: Log analysis
Part 2: Research
Part 3: Analysis