AWS whitepapers documentation change
Summary
Removed entire documentation page about forensic evidence collection and analysis procedures
Security assessment
Elimination of forensic documentation removes chain-of-custody guidance but shows no evidence of fixing a specific security flaw. The change reduces security visibility but isn't triggered by a disclosed vulnerability.
Diff
diff --git a/whitepapers/latest/aws-security-incident-response-guide/collect-analyze-forensic-evidence.md b/whitepapers/latest/aws-security-incident-response-guide/collect-analyze-forensic-evidence.md index 1e8f189cb..8b1378917 100644 --- a//whitepapers/latest/aws-security-incident-response-guide/collect-analyze-forensic-evidence.md +++ b//whitepapers/latest/aws-security-incident-response-guide/collect-analyze-forensic-evidence.md @@ -1 +0,0 @@ -[View a markdown version of this page](collect-analyze-forensic-evidence.md) @@ -3,42 +1,0 @@ -[](/pdfs/security-ir/latest/userguide/sir-ug.pdf#collect-analyze-forensic-evidence "Open PDF") - -[Documentation](/index.html)[Security Incident Response](/security-ir/index.html)[](what-is.html) - -# Collect and analyze forensic evidence - -Forensics, as mentioned in the [Preparation](./preparation.html) section of this document, is the process of collecting and analyzing artifacts during incident response. On AWS, it is applicable to infrastructure domain resources such as network traffic packet captures, operating system memory dump, and for service domain resources such as AWS CloudTrail logs. - -The forensics process has the following fundamental characteristics: - - * **Consistent** – It follows the exact steps documented, without deviations. - - * **Repeatable** – It produces the exact same results when repeated against the same artifact. - - * **Customary** – It’s publicly documented and widely adopted. - - - - -It is important to maintain a chain of custody for artifacts collected during incident response. Using automation and having automatic documentation of this collection generated can help, in addition to storing the artifacts in read-only repositories. Analysis should only be performed on exact replicas of the collected artifacts to maintain integrity. - - **Javascript is disabled or is unavailable in your browser.** - -To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions. - -[Document Conventions](/general/latest/gr/docconventions.html) - -Enrich security logs and findings - -Collect relevant artifacts - -Did this page help you? - Yes - -Thanks for letting us know we're doing a good job! - -If you've got a moment, please tell us what we did right so we can do more of it. - -Did this page help you? - No - -Thanks for letting us know this page needs work. We're sorry we let you down. - -If you've got a moment, please tell us how we can make the documentation better.