This talk uses a real-life case scenario to prepare attendees for responding to security incidents affecting G Suite users.
It’s the norm now to hear companies discussing “moving to the cloud”. Before long, your data center servers are going to be antiquated technology. Though the transition to the cloud marks an exciting time in Information Technology, digital forensic investigators and incident responders are facing new, unknown territory. Rather than tackling such a large topic in 30 minutes, this talk aims to provide a real-life case study of what it is like to respond to an incident in G Suite, Google’s cloud business suite. With a few million businesses subscribed to G Suite and that number climbing, it is likely that DFIR professionals will eventually need to handle an incident for a company that uses G Suite for business operations. Speaking from experience, the presenter hopes to use a real-life example to show how incident responders would handle an account compromise that occurred at a business using G Suite. Furthermore, the speaker will apply the SANS Incident Response process to the situation and briefly discuss the forensics surrounding G Suite incidents. The goal is that, by reviewing this case study, the audience will not only learn about G Suite DFIR but also begin to think about how this extends to all cloud environments.