Forensics for Amazon Web Services S3

You can configure an AWS account with an S3 bucket to store forensic-related objects.

The following workflow diagram provides a visual representation of the steps required to configure your AWS S3 as a forensic destination.

The setup uses a Cloud Formation Template (CFT), aws-instance-setup.yml that is customized with permissions required for Netskope for IaaS to access the S3 bucket that is the forensic destination. Netskope requires permissions to perform write and delete operations on the S3 bucket. Additionally, Netskope requires permissions to list all the S3 buckets and get the location of the buckets in your account.

To learn more, see “What happens in the process?” section in Step 2/2: Configure AWS Permissions for Forensic.

To learn more: Enabling Forensics for Amazon Web Services S3.