Cloud incident response at UNSW with digital forensics powered by AWS

This article discusses how the University of New South Wales (UNSW) collaborated with AWS and CyberCX to implement the Automated Forensics Orchestrator for Amazon EC2 solution, enhancing it to meet UNSW's specific cybersecurity requirements.

Specifically, the article covers:

• The Forensics Orchestrator framework, which automates incident response and forensic analysis for potentially compromised Amazon EC2 instances.
• Enhancements made to the solution, including a graphical interface for investigations, just-in-time (JIT) access control, enhanced automation for simultaneous containment and analysis, and an improved deployment pipeline.
• Details on the implementation of each enhancement, such as using AWS Systems Manager for secure remote access, leveraging AWS Service Catalog and Lambda for JIT access control, and integrating with existing UNSW infrastructure like Amazon EC2 Image Builder and AWS Control Tower.
• The benefits achieved by UNSW, including streamlined deployment, improved visibility and incident response capabilities, enhanced security through least privilege access, and a simplified investigation process.