Certified Security - Specialty


Another Forensic Tip

Once you’ve taken the EBS snapshot, create a volume and mount that as the second drive on a clean EC2 instance. That way, you’re not booting or running software from the compromised machine, but you have full access to the logs and other software. It makes it possible, for example, to compare checksums of the clean machine with the compromised machine.

Hope that helps!
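The checksum comparison mentioned in the tip, as an added example that is not part of the original post: it hashes a directory tree on the clean instance and the same tree on the mounted volume, then lists files that differ, are missing, or exist only on the evidence side. It assumes the snapshot volume is mounted read-only at a hypothetical `/mnt/evidence`; the script name and function names are illustrative.

```python
import hashlib
import os
import sys


def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so large binaries do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def index_tree(root):
    """Map relative path -> SHA-256 (regular files) or link target; skip devices and FIFOs."""
    index = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                # Record the target, never follow it: an absolute link on the
                # mounted volume would resolve against the analysis host.
                index[rel] = "symlink:" + os.readlink(full)
            elif os.path.isfile(full):
                try:
                    index[rel] = sha256_file(full)
                except OSError as exc:
                    index[rel] = "unreadable:" + type(exc).__name__
    return index


def compare_trees(clean_root, evidence_root):
    """Diff the clean instance's tree against the same tree on the mounted volume."""
    clean, evidence = index_tree(clean_root), index_tree(evidence_root)
    shared = clean.keys() & evidence.keys()
    return {
        "modified": sorted(p for p in shared if clean[p] != evidence[p]),
        "missing": sorted(clean.keys() - evidence.keys()),
        "extra": sorted(evidence.keys() - clean.keys()),
    }


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: compare_trees.py CLEAN_ROOT EVIDENCE_ROOT")
    for kind, paths in compare_trees(sys.argv[1], sys.argv[2]).items():
        for path in paths:
            print(f"{kind}\t{path}")
```

Run it as, for example, `python3 compare_trees.py /usr/bin /mnt/evidence/usr/bin`. The results are only meaningful when the clean instance is built from the same image and package versions as the compromised one; otherwise ordinary updates show up as modified files.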
