Incident Response in the Cloud (AWS) - SANS Digital Forensics & Incident Response Summit 2017
Moving from on-premises deployments to the cloud can offer incredible benefits to many organizations, including a plethora of capabilities to build, scale, modify, monitor, and tear down infrastructure with never-before-seen speed and agility. But how do you monitor for, and respond to, attackers who leverage those same capabilities against you? In this session, we will compare and contrast performing digital forensics and incident response (DFIR) within AWS with DFIR as traditionally performed in on-premises environments. Learn the major differences in performing DFIR within AWS, along with the benefits it provides over traditional response in on-premises environments.

Speaker: Jonathon Poling (@JPoForenso), Principal Consultant / Future Operations, SecureWorks


