Cloud Forensics Utils

Free

This repository contains tools for forensics teams to collect evidence from cloud platforms. Google Cloud Platform, Microsoft Azure, and Amazon Web Services are currently supported. It consists of one module, libcloudforensics, which implements functions useful for incident response in a cloud environment, and a CLI wrapper tool for those functions. Documentation can be found on the ReadTheDocs page.

ALTERNATIVES

A tool that determines what AWS API calls are logged by CloudTrail and what they are logged as, and can also be used as an attack simulation framework.

Cloud Custodian (c7n) is a rules engine for managing public cloud accounts and resources with a focus on security, compliance, and cost optimization.

Weave Scope automatically generates a map of your application for troubleshooting and monitoring Docker & Kubernetes.

S3Scanner scans for misconfigured S3 buckets across S3-compatible APIs, identifying potential security vulnerabilities and data exposure risks.

Azure Guardrails enables rapid enforcement of cloud security guardrails by generating Terraform files for Azure Policy Initiatives.

Multi-account cloud security tool for AWS with real-time reporting and auto-remediation capabilities.

AWS serverless cloud security tool for parsing and alerting on CloudTrail logs using EQL.

A script and library for identifying risks in AWS IAM configuration.