Section Contents

• 📄 LetsDefend: Cloud Forensics

  Investigating a compromised AWS account using CloudTrail logs.

• 📄 LetsDefend: Dynamic Malware Analysis

  Detonating malware in a sandbox and analyzing behavior with Procmon and Wireshark.

• 📄 LetsDefend: Linux Forensics

  Parsing /var/log/auth.log to track an SSH brute force and persistence.

• 📄 LetsDefend: NTFS Forensics

  Using MFT (Master File Table) analysis to prove a file existed after it was deleted.

• 📄 LetsDefend: Registry Forensics

  Analyzing ShimCache and AmCache to prove exploit execution.