This presentation examines contemporary approaches to analyzing AWS snapshots and then switches to a particular focus on utilizing Elastic Block Storage (EBS) APIs to implement Read/Seek capabilities on top of snapshots, resulting in a novel analysis method. This new method can easily be used to help triage AWS snapshots by directly accessing the data within the snapshot itself. The practical implementation of this technique will be demonstrated (in Rust) to showcase how data within a snapshot can be directly accessed and handled without having to overlay or download the entire snapshot. Furthermore, open-source tools will be provided to facilitate the adoption of this cutting-edge approach. We will conclude by discussing other quick wins that could be achieved by utilizing this method.SANS DFIR Summit 2023
Speaker: Matthew Seyer, Lead Specialist, KPMG, LLP
View upcoming Summits:
Музыка
Фильмы
ТВ Шоу
Категории видео
