When a security incident is detected on the Azure cloud platform, forensic investigators must examine the log data collected from various sources. If a VM is found to be affected, it is important to take a snapshot of the OS disk of the VM for further investigation. This session discusses the forensic acquisition methodology of an Azure VM and discusses an assumed scenario to divide the whole process into multiple steps
ABOUT SPEAKER
Uros Babic is a Security Architect at Crayon, Microsoft Security MVP, MCT, Graduate electrical engineer, currently employed in Crayon Serbia as a Security Architect, Microsoft Security MVP, MCT, and Keynote Speaker.