Project 12 of 100: Digital Forensics & Automated Incident Response (DFIR) in AWS

In this video, we build a fully automated Digital Forensics and Incident Response (DFIR) pipeline in AWS. When a security breach happens, a manual response is too slow. We will use Amazon GuardDuty, EventBridge, Step Functions, Lambda, and Systems Manager to automatically isolate compromised EC2 instances and capture both disk (EBS snapshots) and memory (RAM dumps) evidence.

We will also test our pipeline using the official AWS GuardDuty Tester to generate real malicious traffic, triggering a genuine GuardDuty finding for communicating with a Tor entry node!

**What you will learn:**
- How to deploy the AWS GuardDuty Tester via CDK
- Creating an Isolation Security Group that blocks attackers but allows forensic tools
- Writing a Lambda function to isolate EC2 instances
- Orchestrating a forensic workflow with AWS Step Functions
- Using `avml` via Systems Manager to capture memory dumps without kernel headers

🔗 Resources:
• CloudGuard Portfolio: https://cloudguardportfolio.com
• GitHub: https://github.com/sulemoore
• Previous Project (PRJ-SEC-010): https://youtu.be/gNmIfw4JzOc

🤝 Connect with Me:
• LinkedIn: https://www.linkedin.com/in/MoSuleiman/
If you found this helpful, please LIKE and SUBSCRIBE for more hands-on cloud security projects!

#AWS #CloudSecurity #IncidentResponse #DFIR #Cybersecurity

Видео Project 12 of 100: Digital Forensics & Automated Incident Response (DFIR) in AWS канала CloudGuard Portfolio

Комментарии отсутствуют

Информация о видео

4 апреля 2026 г. 8:10:27

00:36:03

CloudGuard Portfolio

Теги

Правообладателям

Жалоба на материал Недопустимый материал Нарушение авторских прав

Комментарии

Другие видео канала

Project 12 of 100: Digital Forensics & Automated Incident Response (DFIR) in AWS

🌎 AWS S3 Cross-Region Replication Tutorial | Hands-On Step-by-Step Setup for Disaster Recovery

Project 13 of 100: Build a Multi-Region Active-Active Web App AWS | Route 53 & DynamoDB GlobalTables

AWS Security Specialty Certification

Project 2 of 100: AWS Real-Time Fraud Detection with SageMaker ($2.5M Annual Savings)

Project 1 of 100: AWS Serverless Document Classification Pipeline ($120K Annual Savings!)

Secure Your AWS Account – Best Practices to Protect Your Cloud 🚀🔒

Project 9 of 100: Enterprise Data Encryption & Key Management on AWS.

How to Register a Domain with AWS Route 53 🌍🚀

Project 4 of 100: Build a Fully Automated ML CI/CD Pipeline on AWS

Project 10 of 100: Identity Federation & SSO with Okta and AWS IAM Identity Center.

Project 11 of 100: Automate AWS Compliance & Auditing in AWS

Project 16 of 100: Build a Serverless Data Analytics Pipeline on AWS (S3, Glue, Athena, QuickSight)

Project 3 of 100: AWS Real-World Churn Prediction Platform with SageMaker ($1.8M Annual Savings!)

Project 7 of 100: Zero Trust Network on AWS

Project 8 of 100: Automated Threat Detection & Response on AWS.

Your AWS Certification is NOT Enough | Build This FOUNDATION First! (Project 0 of 100)

Create a Spending Budget in Your AWS Account | Control & Monitor AWS Costs 💰💰💰💰

Pass CompTIA S+ in 2 Weeks

🚀 How to Launch an AWS EC2 Instance Using Console, CLI, Terraform, and CloudFormation🚀🚀🚀🚀

Create Your First AWS Account - Create User | Set MFA