Virtually Testing Workshop: Examining Cloud File Storage Incidents

Organizational data is rapidly moving to the cloud, but it’s not always intentional. The shift from on-premises data storage to the cloud constitutes a significant challenge and risk to the modern enterprise. The use of cloud file storage applications is on the rise for both consumer and business systems, which brings forth interesting incident response and digital forensics challenges. In this workshop, we’ll examine the large footprints of popular cloud file storage applications such as OneDrive and Dropbox – looking for evidence of inappropriate data transfer by users. In some scenarios, data exfiltration happens through file transfers in sanctioned cloud storage applications, where InfoSec teams will have access to centralized logs. In other scenarios, users may install their own cloud file storage applications, where InfoSec teams have limited access to what’s stored in the hosted storage solution and thus must turn to endpoint forensics for answers to their who, what, when and why data exfiltration questions.
- Understand why it’s critical to investigate cloud file storage applications during an incident
- Learn what files are available to examiners during an incident (e.g. local, cloud, deleted, and cached)
- See what kind of cloud file storage user activity can be audited
- Be introduced to two scenarios of unauthorized data transfer to investigate
- Be introduced to where and how different cloud file storage applications log
- Learn how to examine incidents with suspected data exfiltration involving corporate-issued and personal cloud file storage use