CloudTrail

AWS service that records every control-plane API call across an AWS account, with the principal, source IP, action, target resource and timestamp. Equivalent services are Azure Activity Log and GCP Cloud Audit Logs. The first stop in any cloud incident reconstruction.

Explained in

Cloud Forensics: Multi-Tenant, API and Jurisdictional Challenges

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.

Continue learning Create Your Account

CloudTrail

Explained in

Related terms

Your journey to becoming a forensic professional starts here.