AWS Security ChangesHomeSearch

AWS solutions documentation change

Service: solutions · 2025-07-25 · Documentation low

File: solutions/latest/automated-forensics-orchestrator-for-amazon-ec2/optional-additional-configuration-cloud9-environment-setup.md

Summary

Updated documentation to reference Volatility 3 instead of Volatility 2, replacing 'profiles' terminology with 'symbol tables' and adjusting S3 bucket configurations for symbol table storage.

Security assessment

The changes reflect an update to a newer version of the Volatility memory forensics tool (v2 to v3) and correct terminology ('profiles' to 'symbol tables'), but there is no explicit mention of addressing a security vulnerability or weakness. The IAM role access note for the S3 bucket (security best practice) was already present and unchanged. This is a maintenance update rather than a direct security fix.

Diff

diff --git a/solutions/latest/automated-forensics-orchestrator-for-amazon-ec2/optional-additional-configuration-cloud9-environment-setup.md b/solutions/latest/automated-forensics-orchestrator-for-amazon-ec2/optional-additional-configuration-cloud9-environment-setup.md
index 985857517..9eb6c30f6 100644
--- a//solutions/latest/automated-forensics-orchestrator-for-amazon-ec2/optional-additional-configuration-cloud9-environment-setup.md
+++ b//solutions/latest/automated-forensics-orchestrator-for-amazon-ec2/optional-additional-configuration-cloud9-environment-setup.md
@@ -93 +93 @@ to:
-You can update the memory investigation step with other tools by updating the SSM commands. The sample command clones the GitHub link to set up Volatility in the compromised instance. The updated command below downloads the Volatility components from an internal S3 bucket to the AWS account. The Guidance depends on the Volatility profile of the OS and kernel version of the compromised instance. The Volatility profile is a prerequisite to perform memory investigation.
+You can update the memory investigation step with other tools by updating the SSM commands. The sample command clones the GitHub link to set up Volatility in the compromised instance. The updated command below downloads the Volatility components from an internal S3 bucket to the AWS account. The Guidance depends on the Volatility symbol table of the OS and kernel version of the compromised instance. The Volatility symbol table is a prerequisite to perform memory investigation.
@@ -95 +95 @@ You can update the memory investigation step with other tools by updating the SS
-For memory investigation, the Guidance provides a sample SSM document which leverages Volatility 2 to perform memory investigation.
+For memory investigation, the Guidance provides a sample SSM document which leverages Volatility 3 to perform memory investigation.
@@ -122,2 +122,2 @@ CDK config | Default value | Description
-**vol2-profiles-bucket** |  `n/a` \- leverages the bucket created |  Bucket to store Volatility profiles based on kernel version of the compromised instance to perform memory forensics. Ensure forensic investigation IAM role is updated to and has read-only access to S3 bucket.  
-**vol2-profiles-key** |  `/volatility2/profiles/` |  Prefix in the vol2-profiles-bucket to store the profiles.  
+**vol3-symboltables-bucket** |  `n/a` \- leverages the bucket created |  Bucket to store Volatility symbol tables based on kernel version of the compromised instance to perform memory forensics. Ensure forensic investigation IAM role is updated to and has read-only access to S3 bucket.  
+**vol3-symboltables-key** |  `/volatility3/symboltables/` |  Prefix in the vol3-symboltables-bucket to store the symbol tables.