Snapshot-Sleuth
Serverless Forensic Automation System
Overview
Snapshot-Sleuth is a production-grade automated forensic analysis system for AWS EBS snapshots. Built on an event-driven serverless architecture, it cuts the incident-response work of analyzing a snapshot from hours of manual effort to minutes of automated processing.
- 71% faster processing
- 150+ hours recovered
- 100+ snapshots analyzed
- 16 CDK stacks
Architecture Highlights
- Event-driven ingestion via EventBridge and SQS for automatic workflow triggering
- Hybrid compute model combining Lambda orchestration with EC2 forensics
- Multi-tool scanning with YARA, ClamAV, and custom artifact collectors
- Infrastructure as Code using AWS CDK across 20+ regions
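The first highlight, event-driven ingestion, hinges on an EventBridge rule that fires only on successfully created snapshots and on a consumer that turns the matched event into a queue job for the forensic workers. The following is an added illustration of that ingestion step, not Snapshot-Sleuth's own code: it implements EventBridge's pattern-matching semantics (every pattern key must be present, each leaf is a list of allowed values) over a rule for the AWS "EBS Snapshot Notification" event, and rejects anything that fails the rule or carries a malformed snapshot ARN before it can reach the scanning fleet. The sample event, its identifiers and the job fields are constructed for the example.

```python
"""Event-driven ingestion for EBS snapshot forensics: an EventBridge-style
pattern matcher plus the consumer that turns a matching event into a queue job.

Added illustration, not Snapshot-Sleuth's own code. The rule follows the shape
of the AWS "EBS Snapshot Notification" event; all values in SAMPLE_EVENT are
constructed.
"""
import json
import re
from typing import Any, Dict, Optional

# Rule in EventBridge's own semantics: every key in the pattern must be present
# in the event, and each leaf is a list of acceptable literal values.
SNAPSHOT_CREATED_PATTERN: Dict[str, Any] = {
    "source": ["aws.ec2"],
    "detail-type": ["EBS Snapshot Notification"],
    "detail": {
        "event": ["createSnapshot"],
        "result": ["succeeded"],
    },
}

# Only a well-formed snapshot ARN is accepted; the region and id are captured
# so the worker can be launched in the region where the snapshot lives.
SNAPSHOT_ARN_RE = re.compile(
    r"^arn:aws:ec2:(?P<region>[a-z0-9-]+)::snapshot/(?P<snapshot_id>snap-[0-9a-f]+)$"
)


def matches(pattern: Dict[str, Any], event: Dict[str, Any]) -> bool:
    """Return True if `event` satisfies `pattern` under EventBridge rules.

    A dict in the pattern recurses into the same key of the event; a list is
    the set of allowed values for that field. A key missing from the event
    never matches (absence is not treated as a wildcard).
    """
    for key, allowed in pattern.items():
        if key not in event:
            return False
        value = event[key]
        if isinstance(allowed, dict):
            if not isinstance(value, dict) or not matches(allowed, value):
                return False
        elif isinstance(allowed, list):
            if value not in allowed:
                return False
        else:
            raise ValueError(f"pattern leaf for {key!r} must be a list")
    return True


def build_forensic_job(event: Dict[str, Any]) -> Optional[Dict[str, Any]]:
    """Convert a matching snapshot-created event into the job payload.

    Returns None when the event does not match the rule or the snapshot ARN
    is malformed, so only validated work reaches the forensic workers.
    """
    if not matches(SNAPSHOT_CREATED_PATTERN, event):
        return None
    m = SNAPSHOT_ARN_RE.match(event["detail"].get("snapshot_id", ""))
    if m is None:
        return None
    return {
        "snapshot_id": m["snapshot_id"],
        "region": m["region"],
        "source_volume": event["detail"].get("source"),
        "observed_at": event["detail"].get("endTime"),
        "scanners": ["yara", "clamav"],  # hypothetical job field naming the scanners
    }


def sqs_message_body(event: Dict[str, Any]) -> Optional[str]:
    """Serialize the job as the message body an SQS producer would send."""
    job = build_forensic_job(event)
    return None if job is None else json.dumps(job, sort_keys=True)


# Constructed sample event (all values made up) in the EBS notification shape.
SAMPLE_EVENT: Dict[str, Any] = {
    "version": "0",
    "id": "00000000-0000-0000-0000-000000000000",
    "detail-type": "EBS Snapshot Notification",
    "source": "aws.ec2",
    "account": "123456789012",
    "time": "2024-01-01T00:10:00Z",
    "region": "us-east-1",
    "detail": {
        "event": "createSnapshot",
        "result": "succeeded",
        "cause": "",
        "request-id": "",
        "snapshot_id": "arn:aws:ec2:us-east-1::snapshot/snap-0123456789abcdef0",
        "source": "arn:aws:ec2:us-east-1::volume/vol-0123456789abcdef0",
        "startTime": "2024-01-01T00:00:00Z",
        "endTime": "2024-01-01T00:10:00Z",
    },
}

if __name__ == "__main__":
    print(sqs_message_body(SAMPLE_EVENT))
```

Keeping the rule narrow (only `createSnapshot` with `result` of `succeeded`) means failed or in-progress snapshots never spawn a worker, and validating the ARN at the consumer rather than trusting the envelope means a malformed or replayed message is dropped before any EC2 forensics instance is started.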
Technical Stack
| Category | Technologies |
|---|---|
| Languages | TypeScript, Python, React |
| AWS Services | Lambda, Step Functions, EventBridge, EC2, S3, DynamoDB, CloudWatch, X-Ray |
| Forensic Tools | YARA, ClamAV, ColdSnap |
| Infrastructure | AWS CDK, Turborepo, Bun |
Technical Case Study
Deep dive into the architecture, implementation patterns, and lessons learned building this system.