Cirrus: Open-source Google Cloud forensic collection
Cirrus is an open-source Python-based tool designed to streamline Google Cloud forensic evidence collection.
It can streamline environment access and evidence collection in investigations involving Google Workspace and GCP. The tool simplifies incident response activities and enhances an organization's security posture.
The Assistant script automates the necessary access prerequisites for a Google Cloud environment, preparing it for evidence collection by the Collector.
Designed for execution in Google Cloud Shell, the Assistant script sets the stage for the Collector, which can run from any terminal.
The Collector script uses a service account key file to authenticate to the Google Cloud environment.
This key file can be generated by the Assistant script or manually.