J P (@jpoforenso)'s Twitter Profile
J P

@jpoforenso

Threat Detection / Incident Response in the Cloud. Livin' on the *nix command line. I've got a fever, and the only prescription is more #DFIR.

ID: 2471617604

Link: https://www.ponderthebits.com | Date: 30-04-2014 23:12:52

2.2K Tweets

1.1K Followers

218 Following

It may have taken a year, but I didn't forget...

✅ Memory collection techniques in AWS
✅ EC2 Hibernation
✅ ... (come and find out) 🙂

#AWS #reInforce #DFIR

Do you have traditional #DFIR experience but looking to apply it in #AWS? Do you have a few years experience already doing DFIR in AWS and want to hone your skills? Are you a DFIR expert/SME in AWS and looking to lead (hundreds of) thousands of customers? Let's chat!

Reminder: #DFIR automation is a tool to achieve a goal, NOT the goal itself.

Goals for automation:
❌ The sake of automation
❌ Replacing people
❌ Mitigating lack of knowledge/capability
✅ Reducing MTTR
✅ Increasing time/focus on more important areas (ex: analysis)

I have been (and remain) just absolutely enamored and fascinated with Windows Event Logs for #DFIR - in case you weren't aware from my historical blog posts :) Joachim Metz with yet again more fascinating insights into them. osdfir.blogspot.com/2021/10/common…

For the #AWS #DFIR folks charged with helping to protect, defend, and respond to this latest #log4j craziness - here's some info/tips. Remember, whenever possible, to leverage the power of the cloud to protect/defend the cloud. aws.amazon.com/blogs/security… aws.amazon.com/security/secur…

Looking to do Cloud (AWS) native forensic investigations? I am incredibly excited and proud to announce, through personal collaboration with Software Engineering Institute, the availability of CERT LiFTeR tools for Amazon Linux 2. forensics.cert.org/#amazonsupport Major thanks to Larry Rogers! #AWS #DFIR

#AWS #DFIR folks... If you need 3 reasons (or less) to attend #reInforce this year, I'll be doing the following:
- Breakout on Instance Memory Acquisition
- Chalk Talk on Building Forensics Capabilities
- Workshop with HANDS-ON manual (and then automated!) EC2 Incident Response

My customized more granular IR lifecycle didn't make it in, but many other things did. 🙃 This is the result of a lot of work from smart folks passionate about creating more prescriptive and informative #DFIR guidance for folks operating in #AWS. Feedback always welcome!

#DFIR public speakers/presenters: Is it acceptable to you, as a speaker, to receive no travel or accommodation assistance for a paid attendance speaking event? If yes/no, please share your thoughts/experiences.

Interestingly enough, this is one big reason I went out on my own. So many people need the tenured expertise, but think it's too much $$$$. Ironically, it ends up being very similar in cost. Charge 4x a junior, but do it in .25x of the time = same cost, BUT deliver 10x value.