Isolating EC2 Instances for Forensic Inspection: Revision history

From Cramsession
✍️ Verified Author: Mflavell

Legend: (cur) = difference with latest revision, (prev) = difference with preceding revision, m = minor edit.

19 May 2025

  • (cur | prev) 01:51, 19 May 2025 Mflavell (talk | contribs) 837 bytes +2 No edit summary
  • (cur | prev) 01:50, 19 May 2025 Mflavell (talk | contribs) 835 bytes +97 No edit summary
  • (cur | prev) 01:48, 19 May 2025 Mflavell (talk | contribs) 738 bytes +738 Created page with " The best way to do this is through the creation of a forensic account. * Keeping the EC2 instance inside the production account can be dangerous. :* Any malicious software could spread to other production systems. = Isolate it = * Isolate the problem instance from everything else. :* Remove it from the production network. :* Prevent access to the instance. == How to isolate == * Create a snapshot of the instance. :* Share the snapshot with the forensic accou..."