hands-on lab
Cloud Incident Response & Forensics: Introductory Lab
Difficulty: Beginner
Duration: Up to 1 hour and 5 minutes
Students: 861
Rating: 4.5/5
Description
This lab is the first in a series of three labs in which you will perform forensic analysis in a cloud environment that has fallen victim to an attack. The labs in the series increase in difficulty:
- Cloud Incident Response & Forensics: Introductory Lab
- Cloud Incident Response & Forensics: Foundation Lab
- Cloud Incident Response & Forensics: Intermediate Lab
In this first lab, you will analyze how the attacker gained access to the system. You will use and improve your research skills to carry out some preliminary investigations. The lab also requires you to perform log analysis, which will introduce you to this forensic technique and how it is performed within a container.
Learning Objectives
Upon completion of this lab you will be able to:
- Perform information gathering to gain background on the incident and the methods of attack
- Use the information gathered to investigate compromised containers and determine how the attacker gained access
Intended Audience
This lab is intended for:
- Frontend and full-stack engineers
- Developers who need to use Angular in real-world projects
- Individuals who want to improve their Angular skills
Prerequisites
You should be familiar with:
- Working at the command line in Linux
- Docker container technology and Docker commands
Lab steps
Understanding the Cloud Forensics Scenario
Logging in to the Microsoft Azure Portal
Connecting to the Attack Victim Machine Using RDP
Part 1: Information Gathering
Part 2: Log Analysis