Additional Resources - AWS Security Incident Response Guide

Additional Resources

For additional information, see:


Third-Party Tools

The following links to third-party tools are external and are not endorsed by AWS. AWS offers no guarantees or representations of any kind about these tools or pages.

  • AWS_IR – Python installable command line utility for mitigation of host and key compromises.

  • MargaritaShotgun – Remote Memory Acquisition Tool.

  • ThreatPrep – Python module for evaluation of AWS account best practices around incident handling readiness.

  • ThreatResponse Web – Web based analysis platform for use with the AWS_IR command line tool.

  • GRR Rapid Response – Remote live forensics for incident response.

  • Linux Write Blocker – The kernel patch and user-space tools to enable Linux software write blocking.

Industry References