Course format:

• Self-paced
• Pre-recorded
• Accessible even after you finish the course
• No preset deadlines
• Materials are video, labs, and text
• All videos captioned

What should you know before you join? 

This course is not designed for complete beginners. Prior to enrollment, it is recommended that students possess:

• Familiarity with AWS services such as S3, EC2, RDS, etc.
• Basic knowledge of Python, Lambda, and CloudFormation.
• Basic understanding of the Linux/Unix command-line interface.

What will you need? 

To take the course, students will need the following hardware and software:

• A computer with internet access
• A web browser
• An AWS account (or access to one)

COURSE SYLLABUS

Module 0: Before the course

In the course introduction, we'll cover:

• Overview: Briefly outline what the course entails, learning objectives, and expectations.
• Outcomes: Clearly define post-course objectives and what students can achieve.
• Instructor Introduction: Introduce myself, my background, and qualifications.
• Prerequisites: Outline course requirements and expectations.
• Structure: Explain the module, lesson, and assessment format.
• Content: Provide an overview of covered topics and lesson formats.

Module 1: Digital Forensics Foundations

This module provides a foundational overview of key concepts in AWS Digital Forensic.

• Introduction to Digital Forensics in Cloud Environments.
• Basics of Preserving Digital Evidence.
• Chain of Custody in AWS Forensic Investigations.

Module exercises:

Multiple Choice Questions (MCQs)

Module 2: Incident Response Basics

This module is fundamental to the course as it covers incident response and essential services for DFIR implementation. Participants will gain practical insights through demonstrations, aiding in the understanding of log analysis and supporting investigations.

1. Overview of Incident Response.

AWS Logging and Monitoring:

• CloudTrail Log Forensics for Stolen Data Detection.
• AWS Config for Tracking Resource Configuration Changes.
• CloudWatch for Monitoring and Alerting.

Automation Basics:

• Lambda Function. AWS Services for Incident Response.
• Infrastructure as Code (CloudFormation Template).

2. The Incident Response Lifecycle.

Module exercises:

Multiple Choice Questions (MCQs) 

Practical exercises to reinforce concepts learned throughout the module.

Module 3: Digital Forensic Setup in the Cloud

This hands-on module guides participants in establishing a robust digital forensic environment on AWS. Topics include EC2 setup, memory acquisition, Prowler for security assessment, and effective disk acquisition procedures.

• How to Set up Your Digital Forensic Environment on EC2.
• Memory Acquisition.
• How to Use Prowler for Security Assessment.
• Disk Acquisition.

Module exercises: 

Multiple Choice Questions (MCQs) 

Set up your digital forensic lab and practice all the scenarios.

Module 4: Incident Response Strategy for Common Attacks

This module focuses on crafting effective incident response strategies tailored for common cyber-attacks. It is entirely hands-on, allowing participants to learn how to construct architectures, analyze logs, and investigate potential breaches.

• Integrity Monitoring – Demo.
• Incident Response Strategy for Brute Force Attacks – Demo.
• Unusual Resource Access Patterns in AWS S3 – Demo.
• Pass-the-Ticket Attack - Demo.
• Protecting Your AWS Environment from Ransomware.

Module exercises:

Apply all the practical demonstrations you have learned in this module.

Module 5: Automating Incident Response and Forensics

In this module, we will explore the integration and automation in incident response and forensics within AWS. Learn how to use Lambda functions and Infrastructure as Code (CloudFormation) to enhance automation in DFIR.

• Automate the Digital Forensic Setup - Demo.
• Automate the Incident in EC2 - Demo.
• Automate AWS Backups for Forensics - Demo.