Cloud Forensics (W56) - Digital Forensics Course Online


Courses Included

In stock

Get the access to all our courses via Subscription



Cloud computing is the on-demand availability of computer system resources, especially data storage and computing power, without direct active management by the user. Large clouds often have functions distributed over multiple locations, each location being a data center. The nature of cloud computing – particularly cloud service provider management and distribution over multiple locations – makes forensic investigations difficult and seemingly impossible. Data centers alone can be a separate forensic discipline. This course merges cloud technology with sound forensic processes and principles to effectively conduct cloud forensic investigations using Amazon Web Services as a case study example.

Why THIS course? 

Cloud technology is no longer an emerging technology but has been entrenched in daily use ranging from individual users and small businesses to mid-size companies and large enterprise corporations. Today, virtually all users and business entities rely on the cloud for services, platforms, and infrastructure. This includes criminals as well. Traditional forensics involves desktop computers with internal storage and local area networks. Even RAID technology and virtualization, challenges in and of itself, are present in the cloud, making storage, virtual computers, and virtual hard drive evidence collection more difficult. New standards, process models, and advanced training are required to keep abreast with criminals hiding in the cloud for malicious and/or illegal activity. It is imperative that law enforcement and other security professionals keep pace with these criminals. Now, more than ever, is the time to advance the knowledge and skills necessary to conduct effective cloud forensics, gathering evidence that is admissible, defendable, and will stand up in court proceedings.

Why NOW? 

New standards, training requirements and certifications have been specified in several scientific publications that present challenges to cloud forensics. By taking this course now, you will gain insight into these challenges as well as the ability to overcome many of these challenges. You will gain skills in conducting a forensic investigation in a leading cloud service provider, Amazon Web Services, that can be immediately applied to your own cloud investigations. You will become a qualified witness for cloud forensic investigation presented in a court proceeding.

Who is this course for?

While designed for existing digital forensic examiners with understanding of sound forensic processes, this course is for anyone interested in cloud forensics who needs to enhance their skills as a forensic examiner. A solid understanding of cloud technology, particularly service models, will facilitate your understanding and application of cloud forensics as you proceed through the course.

Course benefits:

What skills will you gain?

  1. Identify and overcome challenges to conducting cloud forensics
  2. Apply new process models to cloud forensic investigations and security incidents
  3. Collect data stored in the cloud
  4. Perform analysis on collected evidence
  5. Identify and thwart anti-forensic techniques used in the cloud
  6. Apply legal principles to cloud forensic investigations
  7. Seize electronic evidence present in the cloud
  8. Apply data recovery strategies for deleted and overwritten data
  9. Conduct forensic investigations in a virtual environment
  10. Relate ethical hacking to cloud forensics
  11. Perform a forensic analysis on cloud storage models including OneDrive, Dropbox, and Google Drive
  12. Perform a forensic analysis on social media and electronic communication
  13. Apply cloud forensic process models to cloud services including SaaS, PaaS, IaaS, and FaaS
  14. Design an incident response plan for cloud forensics
  15. Apply data collection techniques to an AWS case study
  16. Apply infrastructure and service domain incidents to an AWS case study
  17. Coordinate cloud service provider support
  18. Conduct a forensic investigation involving AWS
  19. Prepare for AWS Cloud Practitioner Certification

What will you learn about? 

You will examine scientific challenges to cloud forensics and apply your knowledge and skills to cloud storage, social media, and electronic communication forensics. You will investigate cybercrime as it exists in the cloud, preparing an incident response and readiness plan for criminal investigations and security incidents. You will learn about Amazon Web Services and how to conduct an effective forensic investigation with this cloud service provider.

What tools will you use?

A computer with sufficient hardware and operating system requirements to conduct forensic acquisition and analysis with Internet Access. It is suggested to include a variety of forensic software to apply course concepts to your own existing tools.



DURATION: 18 hours

CPE POINTS: On completion you get a certificate granting you 18 CPE points.

The course starts on the 30th of October.

Course format: 

  • Self-paced
  • Pre-recorded
  • Accessible even after you finish the course
  • No preset deadlines
  • Materials are video, labs, and text

What should you know before you join?

This course is designed for intermediate to advanced users familiar with cloud technology and sound digital forensic principles and processes.

What will you need?

Computer with latest technology with access to the Internet. The computer should meet the recommended requirements for running the operating system. We recommend a Windows 10 PC.

Your instructor: David J Tatum


Dave Tatum is trained in Digital Forensics including in XRY, FTK, and EnCase. Each one has a cloud forensics component. What is more, David has taught computer network systems for over twenty years and digital forensic for the last ten years. Prior to teaching, David worked as a senior technical support engineer supporting a wide variety of hardware and software platforms. Dave recently started his own business that includes teaching with computer networks and specializing in computer forensic imaging and data recovery. Interests include 3D printing and video game design. In his spare time, David enjoys reading, hiking and trips to the beach.




Module 0

Evidence preservation and maintaining a chain of custody is an important factor in the forensic process. The basic forensics process is listed below. Students interested in advancing their cloud forensic skills involving Amazon Web Services will benefit from reviewing forensic process models, challenges, and AWS Security Incident Guidelines:

  • Identification
  • Preservation
  • Collection
  • Examination
  • Analysis
  • Presentation

Module 1: Forensic Science Challenges

  1. Cloud Architecture (Knowledge) 
  2. Data Collection (Knowledge and Skill)
  3. Analysis (Knowledge and Skill)
  4. Anti-Forensics (Knowledge)
  5. Role Management (Knowledge) 
  6. Standards and Training (Knowledge)
  7. Legal Issues – a pragmatic approach (Knowledge)
  1. Architecture – This exercise presents challenges related to Multi-Tenancy, Data Segregation, and Provenance.  Challenges range from deletion in the cloud and recovering overwritten data to evidence segregation and chain of custody
  2. Data Collection – This exercise presents challenges to Data Recovery and Data Collection ranging from Trust Boundaries and evidence preservation to Root of Trust
  3. Analysis – This exercise presents challenges to analysis ranging from Metadata and Metadata Logs to Evidence Correlation and Timestamp Synchronization
  4. Anti-forensics – This exercise presents challenges to Anti-forensics ranging from Malicious Code and circumventing Virtual Machines
  5. Role Management – This exercise presents challenges to Role Management including Identity Management such as Identifying Account Owner Authentication and Access Control
  6. Standards and Training – This exercise presents challenges to standards and training, ranging from No Single Process to Qualifications and Certifications
  7. Legal – This exercise presents several legal challenges including Jurisdiction, Privacy, and ethics. Persistence in the face of legal challenges will also be addressed
  8. Module Knowledge Check

Module Workload Suggested Module Time: 100 minutes

Module 2: Cybercrime and Cloud Forensics

  1. Forensics Readiness in the Cloud (Knowledge)
  2. Seizing Electronic Evidence (Knowledge and Skill)
  3. Data Recovery Strategies (Knowledge)
  4. Forensic Awareness in Virtual Environments (Knowledge)
  5. Implications on Electronic discovery (Knowledge)
  6. Forensics as a Service (Knowledge)
  7. Ethical Hacking and Cloud Forensics (Knowledge and Skill)
  8. Data acquisition and collection techniques (Knowledge)
  9. Avoiding Forensic Techniques (Knowledge) 
  1. Forensics Readiness – This exercise focuses on an approach to proactive evidence collection integrating Records Management and Digital Forensics
  2. Seizing Electronic Evidence – This exercise investigates how to obtain forensic evidence from cloud computing using legal processes by examining recent cases applicable to cloud forensics
  3. Data Recovery Strategies – This exercise examines characteristics of cloud computing including Resource Pooling, Rapid Elasticity, and Geographical Distribution of Data that hinder forensic investigations. Representative cases sketching the acquisition process and scenarios will be discussed
  4. Forensics Awareness in Virtual Environments – This exercise explores the relationship between Virtualization and Cloud Computing
  5. Implications on Electronic Discovery – This exercise discusses compliance in the cloud and implications on Electronic Discovery
  6. Forensics as a Service – This exercise introduces a Forensic-as-a-Service (FaaS) Delivery Platform for Law Enforcement Agencies (LEA)
  7. Ethical Hacking and Cloud Forensics – This exercise focuses on the challenges that the forensic investigator faces when investigating Cloud Crime, and how they can learn from techniques used by Ethical Hackers to improve their investigative technique. Strategic interplay with forensics operations will be explored
  8. Data acquisition and collection techniques – This exercise examines data origin, services, and techniques used to collect that data. Preventative measures and forensics, as well as offensive value will be examined
  9. Avoiding Forensic Techniques – This exercise takes a purple team approach to work with specific forensic techniques and how to avoid them. Forensic trails in the case of incidents and how to avoid those services and techniques if trying to bypass them will be explained
  10. Module Knowledge Check

Module Workload Suggested Module Time: 100 minutes

Module 3: Cloud Storage and Social-Media

  1. Forensic Collection of Cloud Storage Data (Knowledge)
  2. OneDrive Cloud Storage Forensic Analysis (Knowledge and Skill)
  3. Dropbox Data Remnants on User Machines (Knowledge and Skill)
  4. Google Drive Forensic analysis (Knowledge and Skill)
  5. Open-Source Cloud Storage Forensics (Knowledge)
  6. Social Media and Electronic Communication (Knowledge and Skill)
  1. Forensic Collection of Cloud Storage Data – This exercise discusses forensic collections and challenges of cloud storage data
  2. OneDrive Analysis – This exercise presents a simulation on the OneDrive analysis
  3. Dropbox Data Remnants on User Machines – This exercise presents a simulation on Dropbox Data Remnants on use machines
  4. Google Drive Forensic Analysis – This exercise presents a simulation conducting forensic analysis on Google Drive
  5. Open-Source Cloud Storage Forensics – This exercise compares Open-Source cloud sources and methods for acquisition and analysis
  6. Social Media and Electronic Communication – This exercise examines social media platforms including Facebook and Twitter. E-mail and SMS will be discussed
  7. Module Knowledge Check

Module Workload Suggested Module Time: 100 minutes

Module 4: Amazon Web Services

  1. Infrastructure and Cloud Capability (Knowledge) 
  2. Forensic Preparation (Knowledge)
  3. Disk Collection (Knowledge and Skill)
  4. Forensic Workstation (Knowledge and Skill)
  5. Incident Response Simulation (Knowledge)
  6. Service Domain Incidents (Knowledge)
  7. Infrastructure Domain Incidents (Knowledge)
  8. Cloud Provider Support (Knowledge)
  9. Forensic Investigation Strategies (Knowledge and Skill)
  1. Infrastructure and Cloud Capabilities – This exercise discusses cloud technologies and capabilities related to Amazon Web Services.
  2. Forensic Preparation – This exercise discusses incident response preparation requirements relevant to Amazon Web Services.
  3. Data Collection – This exercise examines data collection techniques related to Amazon Web Services.
  4. Forensic Workstation – This exercise examines incident response activities including disk imaging, file systems, RAM dumps and other artifacts involving Amazon Web Services. Setting up forensic labs and workstations in the cloud will also be addressed.
  5. Incident Response Simulation – This exercise examines Security Response Simulations including simulation steps and simulation examples.
  6. Service Domain Incidents – This exercise examines Service Domain Incidents case studies.
  7. Infrastructure Domain Incidents – This exercise examines Infrastructure Domain Incidents case studies.
  8. Cloud Provider Support – This exercise examines cloud Provider support including strategies, AWS Managed Services, AWS Support, and DDoS Support.
  9. AWS Forensic Investigation Strategies – This exercise will explore forensic investigation strategies providing a real-world hands-on approach.
  10. Module Knowledge Check

Module Workload Suggested Module Time: 120 minutes

Module 5: AWS Cloud Practitioner

  1. Introduction to Amazon Web Services (Knowledge) 
  2. Compute in the Cloud (Knowledge)
  3. Global Infrastructure and Reliability (Knowledge)
  4. Networking (Knowledge) 
  5. Storage and Databases (Knowledge) 
  6. Security (Knowledge)
  7. Monitoring and Analytics (Knowledge)
  8. Migration and Innovation (Knowledge)
  1. Introduction– This exercise discusses on-demand delivery and pay as you go pricing. This is an introduction for pursuing the AWS Cloud Practitioner credential.
  2. Cloud Compute– This exercise discusses cloud computing as the on-demand availability of computer system resources, especially data storage and computing power, without direct active management by the user.
  3. Infrastructure and Reliability– This exercise discusses the basic concept of availability zones, Amazon CloudFront, and edge locations as well as provisioning for AWS services.
  4. Networking – This exercise discusses basic concepts of networking including public and private resources, gateways, VPNs, AWS Direct Connect, deployments, strategies, and AWS Global Network.
  5. Storage and Database – This exercise discusses basic concepts of storage and databases including EBS, S3, EFS, storage solutions, RDS, DynamoDB, and various database services.
  6. Security – This exercise discusses the shared responsibility model, MFA, Identity and Access Management, policies, compliance, and security services.
  7. Monitoring and Analytics– This exercise discusses approaches to monitoring your AWS environment, Amazon CloudWatch, AWS CloudTrail, and AWS Trusted Advisor.
  8. Migration and Innovation– This exercise discusses migration and innovation in the AWS Cloud, AWS Cloud Adoption Framework, factors of a cloud migration strategy, and AWS data migration solutions.
  9. Module Knowledge Check

Module Workload Suggested Module Time: 120 minutes

Final exam:

Multiple choice between thirty to fifty questions.

Suggested Final Exam Time – 90 minutes


If you have any questions, please contact us at [email protected].



There are no reviews yet.

Only logged in customers who have purchased this product may leave a review.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023