Title: Automating disk and memory evidence collection in AWS
Presenters: Ryan Tick & Vaishnav Murthy
Track: In The Weeds
Time: 0900
BSides San Antonio 2020
July 11th, San Antonio, Texas

Abstract: During an incident, answers are needed quickly. Often this starts with evidence collection and log correlation. At Goldman Sachs, we have automated an event-driven cloud response platform that uses AWS native services to successfully collect disk and memory from compromised EC2 instances.

Speaker Bio: Ryan Tick and Vaishnav Murthy are cloud security architects for Goldman Sachs, responsible for automating the detection, analysis, and reporting of security incidents in Goldman's public cloud environment. They work with the firmwide Security Incident Response Team to design and conduct purple team exercises and respond to tier 3 security incidents in the cloud. Prior to working at Goldman, they were digital forensics and incident response (DFIR) consultants who led high-profile cybercrime investigations for Fortune 100 clients across the globe. They both hold various AWS and GIAC certifications and are GIAC advisory board members.