In Microsoft’s Detection and Response Team, we often find ourselves using the rich data available in Office 365 to help us with our investigations. During this process there are a couple of questions we consistently stumble across:
Where can I go to find ‘x’ data? (Location)
How far back does our data go? (Availability)
Just like traditional endpoint-based data, log data in cloud services is available based on factors largely outside of the investigator’s control. As an investigator, it is our job to work with what’s available, and sometimes work a little bit of magic to make the unavailable available! To begin, there are some differences worth highlighting in data availability in cloud vs. endpoint:
— Lees op techcommunity.microsoft.com/t5/security-compliance-and-identity/forensic-artifacts-in-office-365-and-where-to-find-them/ba-p/3634865
Ontdek meer van Djimit van data naar doen.
Abonneer je om de nieuwste berichten naar je e-mail te laten verzenden.
