Open Source Resources for Forensics in the Cloud

Step by Step Walkthrough of Forensic Analysis of Amazon Linux on EC2 for Incident Responders

This workshop is a step-by-step walkthrough of techniques for performing forensics on Amazon Linux instances running in AWS Elastic Compute Cloud (EC2). We use various open-source tools and perform the analysis itself in the cloud.

The purpose of this workshop is to equip security engineers with the skills necessary to investigate compromised Linux EC2 instances and discover Indicators of Compromise (IOC) and the Tactics, Techniques, and Procedures (TTP) used in the attack, as well as information that helps reconstruct the timeline and determine the scope of the incident.
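
As an added illustration of the timeline and IOC work described above (this is example code written for this page, not part of the workshop materials or any of the tools it uses), the script below parses syslog-style entries of the kind sshd and sudo write to /var/log/secure on Amazon Linux, orders them into a timeline, and summarises the first things an investigator looks for: source addresses that failed and later succeeded, and accounts that reached root. The log lines, hostnames, addresses, key fingerprint and the year passed to the parser are all constructed for the example, since syslog timestamps carry no year.

```python
"""Added example (not part of the workshop materials): build a sorted
timeline from constructed Amazon Linux /var/log/secure-style entries and
pull out simple indicators (source IPs, accounts) for an investigation."""
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in the syslog format sshd and sudo use on
# Amazon Linux. Hostnames, IPs, users and the fingerprint are made up.
SAMPLE_SECURE_LOG = """\
Mar  3 02:14:07 ip-10-0-1-23 sshd[2210]: Failed password for invalid user admin from 198.51.100.7 port 51022 ssh2
Mar  3 02:14:09 ip-10-0-1-23 sshd[2210]: Failed password for invalid user admin from 198.51.100.7 port 51022 ssh2
Mar  3 02:15:41 ip-10-0-1-23 sshd[2231]: Accepted publickey for ec2-user from 203.0.113.5 port 40122 ssh2: RSA SHA256:EXAMPLEKEYFINGERPRINT
Mar  3 02:16:02 ip-10-0-1-23 sudo: ec2-user : TTY=pts/0 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/bash
Mar  3 02:18:30 ip-10-0-1-23 sshd[2290]: Accepted password for ec2-user from 198.51.100.7 port 51100 ssh2
"""

# syslog header: "Mon DD HH:MM:SS host process[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# sshd authentication outcome lines
SSH_RE = re.compile(
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port (?P<port>\d+)"
)
# sudo command lines: "user : TTY=... ; PWD=... ; USER=target ; COMMAND=cmd"
SUDO_RE = re.compile(r"^(?P<user>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")


def parse_secure_log(text, year=2024):
    """Parse syslog-style lines into event dicts sorted by time. The syslog
    timestamp omits the year, so the caller supplies one (assumed here)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected header format
        ts = " ".join(m["ts"].split())  # collapse the padding before single-digit days
        ev = {
            "time": datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S"),
            "host": m["host"], "proc": m["proc"].strip(), "msg": m["msg"], "kind": "other",
        }
        ssh = SSH_RE.search(m["msg"])
        sudo = SUDO_RE.match(m["msg"])
        if ssh:
            ev.update(kind="ssh", result=ssh["result"], method=ssh["method"],
                      user=ssh["user"], ip=ssh["ip"])
        elif ev["proc"] == "sudo" and sudo:
            ev.update(kind="sudo", user=sudo["user"], target=sudo["target"], cmd=sudo["cmd"])
        events.append(ev)
    return sorted(events, key=lambda e: e["time"])


def extract_indicators(events):
    """Summarise what an investigator wants first: which source IPs failed
    and later succeeded, and which accounts obtained root through sudo."""
    failed = Counter(e["ip"] for e in events if e["kind"] == "ssh" and e["result"] == "Failed")
    accepted = Counter(e["ip"] for e in events if e["kind"] == "ssh" and e["result"] == "Accepted")
    failed_then_accepted = sorted(ip for ip in accepted if ip in failed)
    root_via_sudo = sorted({e["user"] for e in events if e["kind"] == "sudo" and e["target"] == "root"})
    return {
        "failed_by_ip": dict(failed),
        "accepted_by_ip": dict(accepted),
        "failed_then_accepted": failed_then_accepted,
        "root_via_sudo": root_via_sudo,
    }


if __name__ == "__main__":
    timeline = parse_secure_log(SAMPLE_SECURE_LOG)
    for e in timeline:
        print(e["time"].isoformat(), e["host"], e["proc"], e["msg"])
    print(extract_indicators(timeline))
```

On the constructed input the summary flags 198.51.100.7 as an address that failed twice and then logged in with a password, and ec2-user as the account that became root; on a real instance the same approach would be run over the whole of /var/log/secure and correlated with the other evidence sources (cloud-init output, shell histories, the EBS volume itself) that the workshop covers.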

To get the most out of this workshop, each participant should:

Workshop Contents