The DFIR AI Assistant is a security investigation tool I built to automate parts of the digital forensics and incident response workflow. It ingests Windows event logs, detects suspicious activity such as brute force attempts, encoded PowerShell execution, and possible lateral movement, then generates a structured case report with a timeline of events and key indicators of compromise. A SOC-style dashboard allows analysts to review cases and investigate findings.
This project documents the design and implementation of a cloud-native detection pipeline in AWS. The goal was to simulate sensitive API activity, detect it in near real-time, and store structured alert data for analysis. Rather than simply provisioning resources, this lab demonstrates how activity inside an AWS account can be monitored, detected, and preserved for investigation.
In this project, I simulate the implementation of a comprehensive vulnerability management program, from inception to completion. Inception state: the organization has no existing policy or vulnerability management practices in place. Completion state: a formal policy is enacted, stakeholder buy-in is secured, and a full cycle of organization-wide vulnerability remediation is successfully completed.