Virtualizing Your Forensics Lab in the Cloud Part 3: Let’s Get Practical
To recap where we’re at so far in our series:
- Part 1: Leveraging IaaS for Your Lab provided four reasons why you’d want to virtualize your lab
- Part 2: Benefits of Virtualizing Your Forensics Lab went into some of the specific benefits of virtualizing your lab, especially with Magnet AXIOM Cyber
In this post we’re going to take it a layer deeper and walk you through how you should set up an Amazon EC2 instance that will run AXIOM Cyber.
As a forensic examiner, you’re highly technical: you work on, and solve, complex problems every day. Yet setting up an Amazon EC2 instance may still be a daunting task. There are many options and things to consider, such as:
- What instance type is best for acquiring data versus examining evidence?
- What security groups need to be in place? What even is a security group anyway?
- What inbound and outbound rules need to be configured for the proper flow of traffic?
All of these may be things that you’re unsure of when setting up an EC2 instance and you may not know where to begin.
There’s a lot to unpack here, so we’ve put together a dedicated resource, A Practical Guide to Virtualizing Your Forensics Workstation: Setting Up an Amazon EC2 Instance for AXIOM Cyber, that answers these questions and more.
If you’re looking to take full advantage of running AXIOM Cyber in an EC2 instance, including the ability to perform remote collections of endpoints not connected to your corporate network, there are certain things that you’ll need to configure in the AWS Management Console. This guide will provide a detailed walkthrough of:
- Setting up security groups including inbound and outbound rules
- Choosing the instance types best suited for the job you’re performing
- Installing Magnet AXIOM Cyber in your EC2 instance
Next up in our Virtualizing Your Forensics Lab in the Cloud series, we’ll explore some best practices for working with evidence in the cloud, including adding and securing evidence and which storage options may be effective.