Enterprise Digital Forensics and Security with Open Tools: Automate Audits, Computer Forensics Investigations and Incident Response with AWX and Ansible

The IT world in companies today is much more complex than it was 10 years ago:
- On-premises systems and cloud systems in various forms (SaaS, PaaS, IaaS, etc.) and in various regions
- Large storage capacities: 20-40 TB even in small and medium-sized businesses
- Desktops and laptops with at least 1-2 TB hard drives
- Smartphones with at least 128 GB; there are many smartphones (Apple, Google, Huawei) with 1 TB of memory
- Companies are highly interconnected: C2S VPN for employees and consultants, S2S VPN for suppliers and maintenance personnel

Automate: Audit, investigation and IR
1. Conducting a forensic investigation, an audit or managing an incident in these contexts can be extremely complex and time consuming.
2. It is necessary to automate and industrialise these investigation processes.
3. How?
- With commercial IR platforms: e.g. CrowdStrike, SentinelOne, etc.
- With open automation solutions:
  - Terraform: derived from the DevOps world, it is a multi-cloud automation solution, but it is only valid for the cloud and is little more than a configuration language
  - AWX & Ansible: Unix, Windows, cloud, IoT, OT, everything that has an SSH daemon and a shell

Automate: Audit, DF investigation and IR
- They (the commercial IR platforms) rely almost exclusively on agents
- Agents are not always available for all operating systems
- They must be deployed on all systems
- They must be kept up to date, otherwise they risk becoming an entry point for a cyber attack
- Agents consume resources: CPU, memory, disk space
- Agents have a unit cost of 50-90 per PC/server
- The management platform has an annual cost
- But above all, the entire infrastructure must be implemented in advance, regardless of whether it will be needed tomorrow or in a month's time

Commercial too
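As an added example (not from the original slides, and not the authors' own playbook), this is the kind of agentless IR triage that AWX/Ansible can run over plain SSH with no agent installed beforehand. It assumes an inventory group named suspect_hosts reachable with sudo and a writable ./triage/ directory on the controller; host names, paths and commands are illustrative.

```yaml
# Added example: agentless incident-response triage over SSH.
# Assumes inventory group "suspect_hosts" with sudo, and ./triage/ on the controller.
- name: Agentless IR triage (collect volatile state, hash it, pull it back)
  hosts: suspect_hosts
  become: true
  gather_facts: true          # needed for ansible_date_time below
  vars:
    triage_dir: "/tmp/triage-{{ inventory_hostname }}-{{ ansible_date_time.epoch }}"
    artifacts:
      - sockets.txt
      - processes.txt
      - sessions.txt
      - logins.txt
      - cron.txt
      - SHA256SUMS
  tasks:
    - name: Create a private working directory on the target
      ansible.builtin.file:
        path: "{{ triage_dir }}"
        state: directory
        mode: "0700"

    - name: Collect volatile state (most volatile first, never modify the host)
      ansible.builtin.shell: "{{ item.cmd }} > {{ triage_dir }}/{{ item.out }} 2>&1"
      loop:
        - { cmd: "ss -tulpan", out: "sockets.txt" }
        - { cmd: "ps -eo pid,ppid,user,lstart,cmd", out: "processes.txt" }
        - { cmd: "who -a", out: "sessions.txt" }
        - { cmd: "last -F -n 50", out: "logins.txt" }
        - { cmd: "ls -la /etc/cron.d /etc/cron.daily /var/spool/cron", out: "cron.txt" }
      changed_when: false
      ignore_errors: true       # a missing tool on one host must not stop the run

    - name: Hash the evidence on the target so integrity can be verified later
      ansible.builtin.shell: "cd {{ triage_dir }} && sha256sum *.txt > SHA256SUMS"
      changed_when: false

    - name: Pull the evidence back to the controller (one folder per host)
      ansible.builtin.fetch:
        src: "{{ triage_dir }}/{{ item }}"
        dest: "./triage/"     # becomes ./triage/<host>/tmp/triage-.../<file>
        flat: false
      loop: "{{ artifacts }}"
```

Run it from AWX as a job template, or locally with `ansible-playbook -i inventory triage.yml`; the SHA256SUMS file lets an investigator later verify that the fetched copies match what was collected on the host.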