checklist

🧼 Media Sterilisation

Before copying evidence or making a disk image, one needs to sterilise the target media to ensure that data on that disk before this operation would not meddle with the evidence data. Several rounds of writing 0s are usually enough.

⛅️ AWS Evidence Collection

Are there any Shadow Cloud Accounts? Could be the first place to look when investigating.