performing-cloud-forensics-investigation
Community skill. Automate cloud forensics investigations end-to-end.
Category: Data & Analytics
Tags: #multi-cloud #log-analysis #incident-response #cloud-forensics #cloudtrail #forensic-snapshots #iam-activity
Author: YukiIto1999
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Cloud environments generate large volumes of logs, disk snapshots, and IAM activity data that are hard to bring together during an investigation. This Skill automates the collection and analysis of cloud-forensics evidence across AWS, Azure, and GCP so that incident response can proceed faster.
Core Features & Use Cases
- Collect CloudTrail, Azure Activity/Audit Logs, and GCP Cloud Logging to map attacker activity across providers.
- Create forensic snapshots of EC2 disks and VM images for preservation and later analysis.
- Analyze IAM credential usage, identify suspicious actions, and summarize findings for reporting.
- Generate structured incident response artifacts (evidence inventory, findings, and a concise report) for multi-cloud investigations.
Quick Start
Run the cloud-forensics agent to start collecting evidence from your AWS, Azure, and GCP environments.
Dependency Matrix
Required Modules: boto3, botocore
Components: scripts, references
Claude Code Installation
Recommended: let Claude install automatically. Copy and paste the text below into Claude Code.
Please help me install this Skill: Name: performing-cloud-forensics-investigation Download link: https://github.com/YukiIto1999/ctf-sleuth/archive/main.zip#performing-cloud-forensics-investigation Please download this .zip file, extract it, and install it in the .claude/skills/ directory.