Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jpcertcc/memoryforensic-on-cloud
Memory Forensic System on Cloud
https://github.com/jpcertcc/memoryforensic-on-cloud
aws forensics terraform volatility
Last synced: about 2 months ago
JSON representation
Memory Forensic System on Cloud
- Host: GitHub
- URL: https://github.com/jpcertcc/memoryforensic-on-cloud
- Owner: JPCERTCC
- License: other
- Created: 2022-10-21T14:12:50.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2023-12-21T01:21:08.000Z (about 1 year ago)
- Last Synced: 2023-12-21T04:33:05.216Z (about 1 year ago)
- Topics: aws, forensics, terraform, volatility
- Language: HTML
- Homepage:
- Size: 429 KB
- Stars: 77
- Watchers: 10
- Forks: 9
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Memory Forensic on Cloud
This repository is a PoC for memory forensic on AWS.
![flow](images/flow.png)
## Support OS
This system only supports memory forensics on Windows OS.
## Requirements Service
Get an account for the following services.
* AWS
* GitHub## How to Use
### Clone or Fork This Repository
```bash
$ git clone https://github.com/JPCERTCC/MemoryForensic-on-Cloud.git
```### Setup Configuration
#### variables.tf
```python
# Region to build the system
variable "region" {
default = "us-east-1"
}# Docker image name
variable "image_name" {
default = "memory-analysis"
}# Dockerfile directory
variable "docker_dir" {
default = "docker"
}# Analysis script directory
variable "codecommit_dir" {
default = "analysis_script"
}# Username to commit to Codecommit
variable "codecommit_username" {
default = "terraformer"
}# E-mail to commit to Codecommit
variable "codecommit_email" {
default = "[email protected]"
}# System name to build on AWS
variable "app_name" {
default = "memory-analysis"
}# IP address to access API Gateway and S3
variable "trusted_ip" {
default = "192.168.1.1/32"
}# Network address used by VPC
variable "cidr_block_vpc" {
default = "172.20.0.0/16"
}# AWS access key
variable "aws_access_key_id" {
default = ""
}# AWS secret access key
variable "aws_secret_access_key" {
default = ""
}# E-mail to notify the analysis status
variable "sns_email" {
default = ""
}```
### Setup GitHub Actions
Set GitHub Actions secrets.
* AWS_ACCESS_KEY_ID
* AWS_SECRET_ACCESS_KEY
* AWS_ACCOUNT_NUMBER
* AWS_REGIONHow to use GitHub Actions secrets. https://docs.github.com/en/actions/security-guides/encrypted-secrets
Finally, commit the repository to GitHub.