This chapter introduces you to the different types of storage options that are available through AWS, extending the information covered in Chapter 3, Exploitation on the Cloud Using Kali Linux. Here, we focus on creating independent Elastic Block Store (EBS) volumes, attaching and detaching from multiple EC2 instances, and mounting detached volumes to retrieve data from prior EC2 instances and EBS snapshots. This chapter also covers the forensic retrieval of deleted data from EBS volumes. This highlights a very important part of the post-exploitation process while targeting the AWS infrastructure, since examining EBS volumes and snapshots is a very easy way to get access to sensitive data such as passwords.

In this chapter, we will cover the following:

• Creating, attaching, and detaching new EBS volumes from EC2 instances
• Encrypting EBS volumes
• Mounting EBS volumes in EC2 instances for data retrieval
• Extracting deleted data from EBS volumes to look for sensitive information