performing-cloud-forensics-with-aws-cloudtrail
CommunityExpose attacker activity in AWS via CloudTrail.
AuthorYukiIto1999
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Perform forensic investigation of AWS environments using CloudTrail logs to reconstruct attacker activity, identify compromised credentials, and analyze API call patterns.
Core Features & Use Cases
- Reconstruct attacker timeline from CloudTrail events using LookupEvents and optional Athena queries.
- Track compromised credentials via AccessKeyId, UserName, EventName patterns, and source IPs for attribution.
- Generate forensic reports including persistence detection and inventory of suspicious API calls for incident response.
Quick Start
Run the forensics agent to scan CloudTrail logs and generate a forensic report.
Dependency Matrix
Required Modules
boto3
Components
scriptsreferences
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: performing-cloud-forensics-with-aws-cloudtrail Download link: https://github.com/YukiIto1999/ctf-sleuth/archive/main.zip#performing-cloud-forensics-with-aws-cloudtrail Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.