Follow

Forensic Tool Kit applications and AWS Snapshots

Created by: Shon Harris
Created date:
Last Updated date:

Question: "Is it possible to create a forensic image from an AWS Elastic Block Storage (EBS) snapshot and process it in AccessData Products?" 

Answer: No. Because of limitations imposed by AWS, you must "rehydrate" or restore the snapshot image from a snapshot to an EBS volume. You must then attach that volume to an EC2 Instance and use FTK to acquire your forensic image.

Question: "Can we create a forensic image from an AWS Relational Database Service (RDS) snapshot and process it in AccessData Products?

Answer: Because of how RDS snapshots are stored, we are unable to process them as block storage and image them, and you would have to dump the database to an EBS volume, attach it to an Elastic Compute Cloud (EC2) instance, and then perform your forensic image acquisition. 

 

Link: Amazon EBS Snapshots 

Link: Restoring from an Amazon EBS Snapshot or AMI

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk