Azure Kubernetes Service (AKS) Forensics & Incident Response

Forensic Labs
2 min readJun 26, 2023

Welcome to the next in our series of training videos on Cloud Forensics!

What is Azure Kubernetes Service?

Azure Kubernetes Service (AKS) is a managed Kubernetes service that lets you quickly deploy and manage containerized applications in the cloud.

AKS reduces the complexity and operational overhead of managing Kubernetes by offloading much of that responsibility to the Azure cloud.

As a hosted Kubernetes service, AKS is quickly becoming a popular choice for developers and enterprises that want to deploy applications in containers.

Monitoring AKS with Sentinel

  • Azure Security Center (ASC) AKS threat protection
  • Azure Diagnostics logs
  • Third party tool alert integration

Logs in AKS

Acquiring AKS Forensic Data

Cado Response can collect the full contents of containers running on AKS by retrieving a copy of the container disk or files over the Kubernetes Control plane using Cado Host:

--

--