Automated Incident Response: AWS Lambda Forensic Snapshots, Velociraptor, and Timesketch for Timeline Analys
Abstract
This paper proposes a serverless, automated incident response framework tailored for cloud-native environments. The workflow integrates AWS Lambda for EBS snapshot acquisition, Velociraptor for live memory collection, and Timesketch for timeline analysis, enhanced by YARA-based signature matching and VirusTotal API enrichment. It addresses the shortcomings of traditional forensic approaches—manual workflows, delayed evidence capture, and fragmented analysis pipelines—by offering a modular and scalable architecture. By automating key stages of forensic triage and integrating open-source tools with cloud-native triggers, this framework improves detection speed, operational efficiency, and investigative accuracy in elastic infrastructure environments.
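The EBS snapshot acquisition stage described above, written out as an added example that is not code from the paper: a Lambda handler that snapshots every volume attached to a compromised instance and tags each snapshot with incident, source and acquisition time so the evidence can be located and its provenance verified later. The event shape (`instance_id`, `incident_id`) and the `FakeEC2` client are assumptions constructed here so the logic can be exercised offline; in Lambda the real boto3 client is used.

```python
"""Forensic EBS snapshot acquisition for an AWS Lambda handler (added example)."""
from datetime import datetime, timezone

def forensic_tags(incident_id, instance_id, volume_id, acquired_at):
    """Tags that bind each snapshot to its incident, source and acquisition time."""
    return [{"Key": "Purpose", "Value": "forensic-evidence"},
            {"Key": "IncidentId", "Value": incident_id},
            {"Key": "SourceInstance", "Value": instance_id},
            {"Key": "SourceVolume", "Value": volume_id},
            {"Key": "AcquiredAt", "Value": acquired_at}]

def snapshot_instance_volumes(ec2, instance_id, incident_id, acquired_at=None):
    """Snapshot every EBS volume attached to instance_id; return volume/snapshot pairs."""
    # ec2 is anything with describe_volumes/create_snapshot in the boto3 EC2 client shape,
    # so the same logic runs against the real client in Lambda or the fake below offline.
    acquired_at = acquired_at or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    resp = ec2.describe_volumes(
        Filters=[{"Name": "attachment.instance-id", "Values": [instance_id]}])
    volumes = resp.get("Volumes", [])
    if not volumes:  # nothing to acquire is a failure to surface, not a silent success
        raise LookupError(f"no EBS volumes attached to {instance_id}")
    results = []
    for vol in volumes:
        vol_id = vol["VolumeId"]
        snap = ec2.create_snapshot(
            VolumeId=vol_id,
            Description=f"Forensic snapshot for {incident_id} from {vol_id}",
            TagSpecifications=[{"ResourceType": "snapshot", "Tags": forensic_tags(
                incident_id, instance_id, vol_id, acquired_at)}])
        results.append({"volume_id": vol_id, "snapshot_id": snap["SnapshotId"]})
    return results

def lambda_handler(event, context):
    """Lambda entry point; the event shape {instance_id, incident_id} is an assumption."""
    import boto3  # imported here so the acquisition logic above stays importable offline
    snaps = snapshot_instance_volumes(boto3.client("ec2"), event["instance_id"], event["incident_id"])
    return {"incident_id": event["incident_id"], "snapshots": snaps}

class FakeEC2:
    """Constructed stand-in for the boto3 EC2 client, for offline demonstration only."""
    def __init__(self, volumes_by_instance):
        self.volumes_by_instance, self.calls = volumes_by_instance, []
    def describe_volumes(self, Filters):
        ids = self.volumes_by_instance.get(Filters[0]["Values"][0], [])
        return {"Volumes": [{"VolumeId": v} for v in ids]}
    def create_snapshot(self, **kwargs):
        self.calls.append(kwargs)
        return {"SnapshotId": f"snap-{len(self.calls):08d}"}
```

The Lambda role needs only `ec2:DescribeVolumes` and `ec2:CreateSnapshot` (plus `ec2:CreateTags` for the tag specification) for this stage; an instance with no attached volumes raises rather than returning an empty result, so the orchestration sees a failed acquisition.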