In Microsoft’s Detection and Response Team, we often find ourselves using the rich data available in Office 365 to help us with our investigations. During this process there are a couple of questions we consistently stumble across:
Where can I go to find ‘x’ data? (Location)
How far back does our data go? (Availability)
Just like traditional endpoint-based data, log data in cloud services is available based on factors largely outside of the investigator’s control. As an investigator, it is our job to work with what’s available, and sometimes work a little bit of magic to make the unavailable available! To begin, there are some differences worth highlighting in data availability in cloud vs. endpoint:
— Lees op techcommunity.microsoft.com/t5/security-compliance-and-identity/forensic-artifacts-in-office-365-and-where-to-find-them/ba-p/3634865
Blijf op de hoogte
Wekelijks inzichten over AI governance, cloud strategie en NIS2 compliance — direct in je inbox.
[jetpack_subscription_form show_subscribers_total="false" button_text="Inschrijven" show_only_email_and_button="true"]Bescherm AI-modellen tegen aanvallen
Agentic AI ThreatsRisico's van autonome AI-systemen
AI Governance Publieke SectorVerantwoorde AI voor overheden
Cloud SoevereiniteitSoeverein in de cloud — het kan
NIS2 Compliance ChecklistStap-voor-stap naar NIS2-compliance
Klaar om van data naar doen te gaan?
Plan een vrijblijvende kennismaking en ontdek hoe Djimit uw organisatie helpt.
Plan een kennismaking →Ontdek meer van Djimit
Abonneer je om de nieuwste berichten naar je e-mail te laten verzenden.
