Capturing Volatile Data

Although you might not choose to perform the online investigation, it is important to understand the necessary mechanisms to capture volatile data from an instance. An online investigation requires interaction with the operating system that is running on the Amazon EC2 instance. In this scenario, you need more than the AWS IAM service to execute tasks on an Amazon EC2 instance. Although you could authenticate directly to the machine using a standard method (such as Linux secure shell (SSH) or Microsoft Windows remote desktop (RDP)), manual interaction with the operating system is not a best practice. We recommend that you programmatically use an automation tool to execute tasks on a host.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Investigation Decisions

Using AWS Systems Manager