AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Microsoft Azure

See below for a list of Microsoft Azure Tools.

| Tool | Description |
| --- | --- |
| Blue-team-app-Office-365-and-Azure | The Blue team app for Office 365 and Azure is developed to help you investigate the Microsoft 365 Audit log. |
| Cado's Import UI | Cado's Import UI - Cloud Data Importing Tool |
| cloudgrep | cloudgrep is grep for cloud storage. It currently supports searching log files, optionally compressed with gzip (.gz) or zip (.zip), in AWS S3, Azure Storage or Google Cloud Storage. |
| Microsoft-Extractor-Suite | A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes. |

See below for a list of Microsoft Azure Artifacts.

| Artifact or Process | Resource |
| --- | --- |
| Azure Cloud Forensics | The Importance of Depth: Cloud Forensics Beyond Log Analysis |
| Azure Incident Response | How to be IR prepared in Azure |
| Microsoft Graph API | Everything you need to know about the MicrosoftGraphActivityLogs |
| Microsoft Sentinel | Demystifying Log Collection in Azure: Navigating Windows and Linux Server Logging for Microsoft Sentinel |