
From detection to response: Automated Forensic Orchestrator for Amazon EC2 Instances

In today’s cloud-driven world, security breaches remain a persistent risk because the threat landscape keeps evolving. Robust processes and security controls reduce the attack surface, but sophisticated attackers continue to find new attack vectors, so how effectively an organization can investigate and respond to a potential incident matters as much as how well it prevents one.

This talk is about the Automated Forensics Orchestrator for Amazon EC2 Instances, an AWS-native framework designed to automate forensic evidence collection, analysis, and reporting. Through real-world case studies and a live demo, we will explore how AWS Security Hub, GuardDuty, Systems Manager, EventBridge, Step Functions, and Lambda functions can be orchestrated to accelerate incident response.

We walk through a real-world attack scenario, demonstrating how the orchestrator:

1) Detects security incidents and triggers automated workflows
2) Isolates compromised EC2 instances to prevent further damage
3) Collects critical forensic evidence (memory dumps, disk snapshots and acquisitions, logs)
4) Analyzes and correlates attack patterns using AWS-native services
5) Generates actionable forensic reports for remediation
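As an added example that is not part of the talk or of the AWS solution's own code, the following Python sketch shows steps 2 and 3 (isolation, then disk-evidence capture) the way a Lambda-style handler would perform them through boto3's EC2 API. The fake client, instance and security-group ids and the finding id are constructed stand-ins so the logic runs offline; the same function works unchanged against a real `boto3.client("ec2")`.

```python
from dataclasses import dataclass, field


@dataclass
class FakeEc2:
    """Constructed stand-in for boto3's EC2 client (offline only).
    It models just the three calls the workflow needs and returns dicts
    shaped like the real API responses."""
    instances: dict                     # instance_id -> instance description
    calls: list = field(default_factory=list)

    def describe_instances(self, InstanceIds):
        inst = [{"InstanceId": i, **self.instances[i]} for i in InstanceIds]
        return {"Reservations": [{"Instances": inst}]}

    def modify_instance_attribute(self, InstanceId, Groups):
        self.calls.append(("modify_instance_attribute", InstanceId, tuple(Groups)))
        self.instances[InstanceId]["SecurityGroups"] = [{"GroupId": g} for g in Groups]
        return {}

    def create_snapshot(self, VolumeId, Description, TagSpecifications):
        self.calls.append(("create_snapshot", VolumeId))
        return {"SnapshotId": "snap-" + VolumeId[4:], "VolumeId": VolumeId}


def isolate_and_snapshot(ec2, instance_id, isolation_sg, finding_id):
    """Quarantine an instance, then snapshot every attached EBS volume.
    Order matters: network isolation comes first so the attacker loses access
    before evidence is taken. The instance is left running (not stopped) so a
    later memory capture stays possible, and the original security groups are
    recorded for the forensic report."""
    resp = ec2.describe_instances(InstanceIds=[instance_id])
    inst = resp["Reservations"][0]["Instances"][0]
    original_sgs = [sg["GroupId"] for sg in inst["SecurityGroups"]]
    # isolation_sg is assumed to be a pre-created group with no inbound/outbound rules
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[isolation_sg])
    snapshots = []
    for mapping in inst["BlockDeviceMappings"]:
        vol = mapping["Ebs"]["VolumeId"]
        snap = ec2.create_snapshot(
            VolumeId=vol,
            Description=f"forensic capture for {finding_id}",
            TagSpecifications=[{"ResourceType": "snapshot",
                                "Tags": [{"Key": "FindingId", "Value": finding_id},
                                         {"Key": "SourceInstance", "Value": instance_id}]}],
        )
        snapshots.append(snap["SnapshotId"])
    return {"instance": instance_id, "original_security_groups": original_sgs,
            "isolation_group": isolation_sg, "snapshots": snapshots}
```

Tagging each snapshot with the finding id is what lets the later analysis and reporting steps tie evidence back to the Security Hub or GuardDuty finding that started the workflow.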

By the end of this session, attendees will have a practical understanding of how to automate forensic investigations on AWS, achieving faster response times, an improved security posture, and better incident-handling capabilities.

Sankalp Sandeep Paranjpe

DevSecOps Engineer | AWS Community Builder | Former AWS Cloud Captain | AWS UG Pune Volunteer Lead

Pune, India
