AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

See below for a list of AWS Tools.

| Tool | Description |
| --- | --- |
| Cado's Import UI | Cado's Import UI - Cloud Data Importing Tool |
| cloudgrep | cloudgrep is grep for cloud storage. It currently supports searching log files, optionally compressed with gzip (.gz) or zip (.zip), in AWS S3, Azure Storage or Google Cloud Storage. |
| Invictus-AWS | Invictus-AWS is a python script that will help automatically enumerate and acquire relevant data from an AWS environment. |

See below for a list of AWS Artifacts.

| Artifact or Process | Resource |
| --- | --- |
| AWS Amplify Logs | Do NOT forget the AWS Amplify Logs |
| AWS Cloud Forensics | A New Perspective on Resource-Level Cloud Forensics |
| AWS Cloud Forensics | The Importance of Depth: Cloud Forensics Beyond Log Analysis |
| AWS Incident Response | Automated AWS Incident Response — The next episode |
| AWS Incident Response | How to be IR Prepared in AWS |
| AWS Incident Response | AWS Ransomware |
| CloudTrail | AWS CloudTrail Forensics - A SIEM Case Study |
| CloudTrail | AWS CloudTrail Forensics - HTB Nubilum-1 |
| EC2 (Elastic Compute Cloud) | The Cado Platform can now Capture AWS EC2 Systems into E01 Format |