AWS Forensics - Additional Resources

SANS Gold Paper - Digital Forensic Analysis of Amazon Linux EC2 Instances

ABSTRACT: Companies continue to shift business-critical workloads to cloud services such as Amazon Web Services Elastic Cloud Computing (EC2). With demand for skilled security engineers at an all-time high, many organizations do not have the capability to do an adequate forensic analysis to determine the root cause of an intrusion or to identify indicators of compromise. To help organizations improve their incident response capability, this paper presents specific tactics for the forensic analysis of Amazon Linux that align with the SANS “Finding Malware – Step by Step” process for Microsoft Windows.

LINK: Digital Forensic Analysis of Amazon Linux EC2 Instances

SANS POSTER - Finding Unknown Malware - Step by Step

Finding Unknown Malware - Step by Step

Linux Memory Forensics Resources

• Linux Memory Forensics Wiki
• rekall / tools / linux / README
• Creating Volatility Linux Profiles (Debian/Ubuntu)

Cloud Forensics Automation

• Building a Disk Forensics Pipeline in the Cloud
• Disk Forensics as a Microservice

Documents Discussing the Issues with Analyzing Memory Images from AWS

• XEN ParaVirtualization support in Rekall
• Rekall Google Group Discussion
• AWS Documentation on Virtualization Types (PV & HVM)