Incident Management in a Cloud Environment


Incident response plans face new challenges as organisations expand to the cloud. This thesis aims to highlight these challenges and their potential solutions. Our work has focused on managing incidents, in contrast to earlier work that has focused on preventing them.

As with any development, security is seldom prioritized. Instead, the focus is often on usability and functionality, which means incident response plans are written, implemented, forgotten and finally become obsolete. This could result in an organization losing its ability to produce acceptable forensic images, avoid severe downtime, or prevent similar incidents in the future, which are all important parts of incident response.

Traditional incident response plans do not address incidents in the cloud. Thus, an absence of guidelines for managing incidents in the cloud becomes apparent. By compiling literature and performing practical experiments, this thesis exposes weaknesses in traditional incident response plans and demonstrates a need for cloud-specific incident response plans.

Based on the conducted experiments, we can conclude that, with our cloud-specific incident response plan as a basis, a forensic recovery from a cloud instance can be done in such a way that privacy and confidentiality are maintained. The experiments have also provided a forensically sound method for connecting tools to a cloud instance. We call this approach "Virtual Incident Response Disk" (VIRD).

Authors

Niklas Nilsson, John Lindell, Linus Möller

University and department

Högskolan i Halmstad/Sektionen för Informationsvetenskap, Data- och Elektroteknik (IDE)

Level:

"Bachelor's thesis". Independent work (degree project) of at least 15 higher education credits, carried out to obtain a bachelor's degree.
