Once you have built and deployed security infrastructure and automated key aspects of security operations you should validate your work through an Incident Response simulation. In this session we discuss the best way to protect your logs; how and why to develop automated IR capabilities via AWS tooling (e.g. Lambda); the importance of testing existing forensics tools to ensure efficacy in cloud environment; and ways to test your plan early and often.