AWS S3 Support and Uploading On-Premise Files
The Cado platform supports acquistion of data from AWS S3 buckets. The two main use cases for this are:
- Analyzing disk images or zip files that have been uploaded to an S3 bucket as part of an investigation (e.g. as part of using Cado Community Edition)
- Analyzing the contents of an S3 bucket for any uploaded content that could be part of an incident
Select or search for the bucket you require. Navigate and select the objects you need, and click the 'Import n objects' button. Confirm the details and click 'Start Import'.
Uploading On-Premise evidence to S3 for Import
You can use the AWS Console to upload data from your web browser if you have access to it.
Alternatively, you can create an AWS Access and Secret Key then use a Desktop GUI tool such as Cyberduck to easily upload files from your desktop, with support for functionality such as resuming failed uploads.
If you create an Access/Secret for uploading data to S3, we reccomend you scope the access by:
- Giving the associated role write-only access to a single s3 bucket
- Use temporary credentials if possible
You can also use Cado Host with the --single_file_unzipped parameter - this may be a good option if you do not have direct access to Azure as Cado Response will generate the credentials at Import > Cado Host.
Data Flow Diagram
For a diagram of how our S3 acquisitions operate, please see our Knowledge Base.