DURATION: 5 hours

CPE POINTS: On completion you get a certificate granting you 5 CPE points. 

Course launch date: March 25th, 2024 

Build foundational skills to secure AWS environments with our beginner-friendly DFIR course. Explore the basics of digital forensics, incident response strategies, and automation techniques tailored for AWS. Gain hands-on experience in setting up forensic environments, detecting common attacks, and automating incident response in the AWS cloud.

Why this course? 

This course provides a crucial skill set in securing AWS environments. In today's digital landscape, understanding digital forensics, incident response, and automation in AWS is essential for safeguarding data and infrastructure. This course offers hands-on experience, making it an invaluable asset for those eager to enhance their cybersecurity expertise and stay ahead in the dynamic field of cloud security.

Why take it now? 

DFIR in the cloud is a relatively new and rapidly growing field in the market. As organizations migrate to the cloud, there is a rising demand for individuals proficient in digital forensics and incident response (IR) within the AWS environment. Additionally, the demand for automation within AWS is at an all-time high. By acquiring expertise in these areas now, learners position themselves at the forefront of this evolving field, unlocking numerous opportunities for career growth and contributing to the ever-changing security landscape of the digital world.

Who is this course for? 

This course is designed for anyone interested in cloud forensics and Incident Response. Whether you are a student or a working professional, this course offers valuable insights and learning opportunities.


What skills will you gain? 

Students will learn the following skills:

  • Setting up a digital forensic environment in the cloud.
  • Conducting security assessment testing with forensic tools.
  • Managing common incident response procedures.
  • Implementing automation in Digital Forensics and incident response (DFIR).

What will you learn about? 

Students will learn the following topics:

  • Cloud Forensics Fundamentals: Understand key cloud forensics concepts and techniques.
  • Incident Response in AWS: Learn incident response strategies and utilize AWS services for monitoring and logging through practical demonstrations.
  • Common Attack Scenarios: Identify and respond to integrity breaches, brute force attacks, and more in AWS.
  • Ransomware Protection: Implement strategies to safeguard AWS environments from ransomware.
  • Automation of Incident Response: Hands-on experience in automating forensic setups, incident responses, and AWS backups.

What tools will you use? 

The course mainly uses the Amazon Web Services (AWS) platform [AWS Account] for running lab exercises and hands-on projects.


Course format:

  • Self-paced
  • Pre-recorded
  • Accessible even after you finish the course
  • No preset deadlines
  • Materials are video, labs, and text
  • All videos captioned

What should you know before you join? 

This course is not designed for complete beginners. Prior to enrollment, it is recommended that students possess:

  • Familiarity with AWS services such as S3, EC2, RDS, etc.
  • Basic knowledge of Python, Lambda, and CloudFormation.
  • Basic understanding of the Linux/Unix command-line interface.

What will you need? 

To take the course, students will need the following hardware and software:

  • A computer with internet access
  • A web browser
  • An AWS account (or access to one)


Module 0: Before the course

In the course introduction, we'll cover:

  • Overview: Briefly outline what the course entails, learning objectives, and expectations.
  • Outcomes: Clearly define post-course objectives and what students can achieve.
  • Instructor Introduction: Introduce myself, my background, and qualifications.
  • Prerequisites: Outline course requirements and expectations.
  • Structure: Explain the module, lesson, and assessment format.
  • Content: Provide an overview of covered topics and lesson formats.

Module 1: Digital Forensics Foundations

This module provides a foundational overview of key concepts in AWS Digital Forensic.

  • Introduction to Digital Forensics in Cloud Environments.
  • Basics of Preserving Digital Evidence.
  • Chain of Custody in AWS Forensic Investigations.

Module exercises:

Multiple Choice Questions (MCQs)

Module 2: Incident Response Basics

This module is fundamental to the course as it covers incident response and essential services for DFIR implementation. Participants will gain practical insights through demonstrations, aiding in the understanding of log analysis and supporting investigations.

1. Overview of Incident Response.

AWS Logging and Monitoring:

  • CloudTrail Log Forensics for Stolen Data Detection.
  • AWS Config for Tracking Resource Configuration Changes.
  • CloudWatch for Monitoring and Alerting.

Automation Basics:

  • Lambda Function. AWS Services for Incident Response.
  • Infrastructure as Code (CloudFormation Template).

2. The Incident Response Lifecycle.

Module exercises:

Multiple Choice Questions (MCQs) 

Practical exercises to reinforce concepts learned throughout the module.

Module 3: Digital Forensic Setup in the Cloud

This hands-on module guides participants in establishing a robust digital forensic environment on AWS. Topics include EC2 setup, memory acquisition, Prowler for security assessment, and effective disk acquisition procedures.

  • How to Set up Your Digital Forensic Environment on EC2.
  • Memory Acquisition.
  • How to Use Prowler for Security Assessment.
  • Disk Acquisition.

Module exercises: 

Multiple Choice Questions (MCQs) 

Set up your digital forensic lab and practice all the scenarios.

Module 4: Incident Response Strategy for Common Attacks

This module focuses on crafting effective incident response strategies tailored for common cyber-attacks. It is entirely hands-on, allowing participants to learn how to construct architectures, analyze logs, and investigate potential breaches.

  • Integrity Monitoring – Demo.
  • Incident Response Strategy for Brute Force Attacks – Demo.
  • Unusual Resource Access Patterns in AWS S3 – Demo.
  • Pass-the-Ticket Attack - Demo.
  • Protecting Your AWS Environment from Ransomware.

Module exercises:

Apply all the practical demonstrations you have learned in this module.


Module 5: Automating Incident Response and Forensics

In this module, we will explore the integration and automation in incident response and forensics within AWS. Learn how to use Lambda functions and Infrastructure as Code (CloudFormation) to enhance automation in DFIR.

  • Automate the Digital Forensic Setup - Demo.
  • Automate the Incident in EC2 - Demo.
  • Automate AWS Backups for Forensics - Demo.

Module exercises:

Apply all the practical demonstrations you have learned in this module.


Afshan is a skilled professional in cybersecurity. Currently working as an OSINT analyst at an Israeli firm, she is adept at gathering insights from open-source information. Beyond her analytical role, Afshan is a cybersecurity instructor at SOC Experts and organizations, where she brings real-world understanding to her teaching. Her previous experience as an AWS administrator adds to her expertise, backed by her AWS Cloud Practitioner certification and involvement in the AWS Community Builder program. On top of all that, she runs a YouTube channel called AFS Hackers Academy, where she shares her insights and knowledge with a wider audience.


If you have any questions, please contact us at [email protected].

Course Reviews


  • 5 stars0
  • 4 stars0
  • 3 stars0
  • 2 stars0
  • 1 stars0

No Reviews found for this course.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023