Daily Blog #710: Developing an AWS Examination Tool Part 1
2025-1-7 00:53:0 Author: www.hecfblog.com

By January 06, 2025

Hello Reader, 

I've been really enjoying creating forensic tools with Cursor (an AI-extended version of Visual Studio Code). While I'm not ready to show my main pet project, an open source clone of FTK Imager, I thought it would be fun to start a series of making a smaller tool with a much more well-known API. I've found that the more well known the API is and the more example code the model has ingested, the better the results are. That's not to say that less well-known APIs won't work well (I have it working with dfvfs), but more that it does take more work to get it to find the right examples to work with.

For this example I've installed cursor and given it a small series of prompts:

"We are going to create a tool to assist forensic examiners and incident responders with investigating AWS accounts. You will create a tool that when provided with AWS credentials will enumerate all of the regions and the resources within them. The code should be written in Python."

This created the first part of the script. 

The next prompt:

"Add on a Qt GUI written in PySide6, the top left pane should be a list of regions and when one is selected it displays the resources within it in the top right pane. The bottom pane should be a log of actions taken. There should be a region labeled ALL that allows all regions to be selected and displayed at once."

And now I have a working tool that is enumerating some AWS resources:

You can view the code here: https://github.com/dlcowen/AWSEnumerator
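The enumeration the first prompt asks for, with the action log and the ALL view from the second, as an added sketch that is not the code in the AWSEnumerator repository. The function names are hypothetical, EC2 instances stand in for "resources", and the default AWS profile is assumed; a region that fails (for example on an access-denied error) is logged and skipped rather than aborting the run.

```python
from datetime import datetime, timezone


def make_session(profile_name=None):
    """Build a boto3 session (imported lazily; None means the default profile)."""
    import boto3
    return boto3.session.Session(profile_name=profile_name)


def list_regions(session, home_region="us-east-1"):
    """Return the names of the regions enabled for this account."""
    ec2 = session.client("ec2", region_name=home_region)
    return sorted(r["RegionName"] for r in ec2.describe_regions()["Regions"])


def list_instances(session, region):
    """Return EC2 instance summaries for one region, following pagination."""
    ec2 = session.client("ec2", region_name=region)
    found = []
    for page in ec2.get_paginator("describe_instances").paginate():
        for reservation in page["Reservations"]:
            for inst in reservation["Instances"]:
                found.append({"type": "ec2:instance", "id": inst["InstanceId"],
                              "state": inst["State"]["Name"]})
    return found


def enumerate_account(session, log):
    """Inventory every region; a failing region is logged, not fatal."""
    inventory = {}
    for region in list_regions(session):
        stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
        try:
            inventory[region] = list_instances(session, region)
            log.append(f"{stamp} {region}: {len(inventory[region])} instance(s)")
        except Exception as exc:  # e.g. access denied in this region
            inventory[region] = []
            log.append(f"{stamp} {region}: ERROR {exc}")
    # "ALL" is the combined view: every region's resources, tagged by region.
    inventory["ALL"] = [dict(r, region=reg)
                        for reg, rs in inventory.items() for r in rs]
    return inventory


if __name__ == "__main__":
    actions = []
    result = enumerate_account(make_session(), actions)
    print("\n".join(actions))
    print(len(result["ALL"]), "instance(s) across all regions")
```

Keeping the timestamped log alongside the inventory gives the examiner a record of which regions were actually read and which returned errors.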

In the next series of posts I'm going to extend the functionality:

1. Selecting what credentials to use; this is defaulting to my default AWS profile for FOR509

2. Include more AWS services

3. Add in support for global views

4. Exporting out the inventory

5. Extracting CloudWatch logs

6. Extracting CloudTrail logs

7. Exporting snapshots 

8. Creating snapshots

9. Exporting Lambda functions

10. Enumerating organizations 

11. Exporting flows


Source: https://www.hecfblog.com/2025/01/daily-blog-710-developing-aws.html