Friday, June 8. Out of the blue, an email popped onto the forensics community mailing list. It contained a single link, to an Anonymous video.
Ten days later, CrowdStrike released a beautiful blog post about the unmasked Activities API
Forensic analysts Ali Sawyer and Matt Durrin ran it against an Office 365 test instance set up in LMG’s research laboratory. It contained the granular details that we had only dreamed existed — and more.
In the case of the secret Office 365 tool, the very existence of this evidence was kept hidden by several respected forensics firms, as well as Microsoft itself, for well over a year by several accounts.
Today, most cloud providers have no obligation to collect logs. Even if they do have granular logs, like Microsoft, they have no requirement to make these easily accessible to customers.
http://lmgsecurity.com/exposing-the-secret-office-365-forensics-tool/
No comments:
Post a Comment