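#cloud-config
# General Forensic Operational Box for AWS EC2
# Package Footprint: 314MB fetch, 1324MB installed
# MIT License - Maestretti 2016
#
# Supply this file as EC2 user data. The "#cloud-config" marker must stay on
# the very first line (no leading "---" or blank line) or cloud-init will not
# treat the document as cloud-config.
package_upgrade: true
packages:
  - awscli
  - python-pip
  # Disk Forensics
  - scalpel
  - sleuthkit
  - plaso
  # ext
  - ext4magic
  - extundelete
  # File Recovery / Reading
  - unzip
  - bcrypt
  - ccrypt
  - gzrt
  - foremost
  - p7zip
  - unrar
  # File Search / Compare
  - fdupes
  - kdiff3
  - ssdeep
  - hashdeep
  - vbindiff
  # Memory Forensics
  - volatility
  - volatility-tools
  - lime-forensics-dkms
  - yara
  # Reversing (lite)
  - ht
  - aeskeyfind
  - rsakeyfind
  - ent
  - clamav
  - shed
  # Compilers
  - build-essential
  - gcc
  - gdb
  - git
  - ipython
  # Secure Files
  - gnupg
  - pwgen
  # Applications
  - screen
  - apt-utils
  # Network
  - netcat
  - socat
  - tcpdump
  - tshark
  - masscan
  - traceroute
  - tcptraceroute
users:
  - name: firstlast
    groups: users,admin
    # cloud-init's users module reads "ssh_authorized_keys" (underscores).
    # The original hybrid spelling "ssh-authorized_keys" is not a recognised
    # key, so the public key was never installed and the instance could only
    # be reached through some other path. Replace the placeholder with the
    # operator's real public key before launch.
    ssh_authorized_keys:
      - ssh-rsa PUBLICKEYPASTEDHERE
    # Passwordless root via sudo. Acceptable for a single-operator forensic
    # workstation; if the box holds evidence, keep auditd/shell history on so
    # operator actions remain attributable.
    sudo: ALL=(ALL) NOPASSWD:ALL
    shell: /bin/bash
# Use this section to download additional scripts specific to your environment.
# Verify the package (checksum or signature) before installing it: dpkg runs
# maintainer scripts as root, so a tampered object in the bucket becomes root
# on the forensic box.
#runcmd:
#  - aws s3 cp s3://forensics/response_scripts.deb .
#  - dpkg -i response_scripts.deb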