Taking a page of Chris Hoff’s method of posting incomplete thoughts, I found myself wondering why there is so little talk in security circles about performing forensics and incident response in public cloud environments. Do people just not care? Is it just easier to kill the image and spin up a new ‘clean’ image? Is it just too hard? Is there not enough guidance?
What’s up with that?