The Log4Shell vulnerability, identified as CVE-2021-44228, has been one of the most critical security threats in recent history, affecting a vast number of systems that rely on Apache Log4j for logging. The flaw allows remote code execution (RCE) through attacker-controlled LDAP endpoints, making it an attractive vector for cybercriminals to compromise systems, deploy malware, and establish persistent access. This lab is designed to test an investigator’s ability to detect, analyze, and respond to a Log4Shell exploitation scenario in a compromised environment. The investigation begins by examining forensic artifacts from a Windows system suspected of being exploited via Log4Shell. The lab involves analyzing registry hives, log files, system processes, and executable binaries to uncover traces of malicious activity. Attackers often use vulnerabilities like Log4Shell to deliver remote payloads, establish persistence mechanisms, and deploy ransomware or backdoors. The challenge requires identifying the specific techniques used by the attacker, such as malicious PowerShell execution, registry modifications, and network-based exploitation. Throughout this walkthrough, various forensic tools will be utilized, including Registry Explorer, dnSpy, FakeNet, and VirusTotal, to extract relevant indicators of compromise (IOCs) and analyze malicious binaries. Investigators will also work with decoded PowerShell scripts, obfuscated binaries, and encrypted strings to determine how the attacker maintained control over the compromised system. The objective is to correlate evidence across different system components, understand the attack chain, and apply effective mitigation strategies. By completin