
Matthieu Lienart
If it can help anyone, I just wanted to share that I have published on GitHub a repo with a full lab simulating:
- an attack on an EC2 instance of a load-balanced web application
- the automated incident response, taking that EC2 instance offline
- the automated forensic analysis by taking a memory dump and snapshot of the compromised instance and starting analysis in a Forensic VPC
- storing the reports in S3
The repo is here: https://github.com/mlnrt/incident-response-and-forensic
I have also published videos in case you don’t feel like trying it yourself in your account.
I hope this is helpful to anyone.
Good learning and all the best for the exam.
1 Answer

[ACG] Stephen Sennett
Nice work, thanks for sharing that with everyone!