We had an Azure ARM server undergo a brute force attack.  The attacker got into the server by attacking a service account on our domain.  Once inside the server, the attacker encrypted the server with a variation .dharma. The server was less than a week old, so staff had entered only small data batches into the new server.
I created the server with a 1TB size drive. Our security consultant would like a download of the VHD to test if the attacker breached any data in addition to encrypting data on the server. I would mount the VHD file in a segregated Hyper-V environment for the security consultant to test for a data breach. The consultant does not want to test for the breach on the now deallocated server to preserve the chain of evidence.
- What is the best way to download the 1TB size VHD file?
- Does Microsoft offer a service where they would download the file to media and then ship the media to me?
- Any other suggestions on how to approach this issue? There is a high level of concern in the Executive Office of a data breach.
Thank you for your thoughts.