Practical AWS antiforensics

Presented at VB2025 Berlin by

Antiforensics refers to a set of techniques, tools, or practices used to hinder, mislead, or obstruct digital forensic investigations. The goal of antiforensics is to make it difficult or impossible for investigators to recover, analyse or attribute digital evidence accurately.

Building on the concept of cloud antiforensics, it's crucial to understand that traditional forensic techniques often fall short when applied to cloud-native environments. Investigators face significant challenges such as lack of physical access, reliance on the cloud provider's logging and retention policies, and the need for cross-jurisdictional cooperation. This opens opportunities for attackers to intentionally disable or tamper with logs, use short-lived compute resources like AWS Lambda to carry out malicious actions, and store payloads in less-monitored services like object storage or serverless APIs. Effective cloud forensic readiness requires proactive measures such as enabling comprehensive logging (e.g. CloudTrail, VPC Flow Logs), enforcing strict IAM policies, and integrating tamper-evident storage solutions to preserve the integrity of evidence.

In this demo-driven technical presentation I'll begin by introducing the audience to how log collection, security detection and digital forensics are executed in AWS environments: for example, what services are needed to ship data to a SIEM, what delays we can take advantage of, how GuardDuty works, and how SOC teams get non-cloud-specific logs from servers using SSM.
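The forensic-readiness measures named above (comprehensive CloudTrail logging plus tamper-evident storage) can be checked against the failure modes an antiforensics actor aims for: a stopped trail, a single-region trail, validation digests turned off, or a log bucket that can be rewritten. The example below is added here and is not code from the talk; it evaluates the fields that CloudTrail's DescribeTrails/GetTrailStatus and S3's GetObjectLockConfiguration return, with sample responses constructed inline (the account ID and bucket names are placeholders).

```python
"""Forensic-readiness check for CloudTrail log integrity (added example)."""
from __future__ import annotations


def assess_trail(trail: dict, status: dict, object_lock: dict | None) -> list[str]:
    """Return findings for one trail; an empty list means the trail is ready."""
    findings = []
    name = trail.get("Name", "<unnamed>")
    if not status.get("IsLogging", False):
        findings.append(f"{name}: trail is not logging (StopLogging or never started)")
    if not trail.get("IsMultiRegionTrail", False):
        findings.append(f"{name}: single-region trail; API calls elsewhere go unrecorded")
    if not trail.get("LogFileValidationEnabled", False):
        findings.append(f"{name}: log file validation off; edited or deleted log files are undetectable")
    if not trail.get("KmsKeyId"):
        findings.append(f"{name}: log files are not KMS-encrypted")
    if status.get("LatestDeliveryError"):  # trail pointed at a broken or deleted bucket
        findings.append(f"{name}: delivery failing: {status['LatestDeliveryError']}")
    rule = (object_lock or {}).get("ObjectLockConfiguration", {}).get("Rule")
    if not rule:
        findings.append(f"{name}: bucket {trail.get('S3BucketName')} has no Object Lock retention")
    elif rule.get("DefaultRetention", {}).get("Mode") != "COMPLIANCE":
        findings.append(f"{name}: Object Lock is GOVERNANCE; retention can be bypassed by privileged users")
    return findings


def fetch_and_assess(region: str = "us-east-1") -> dict[str, list[str]]:
    """Live variant using boto3 (needs credentials; not exercised by the sample data)."""
    import boto3
    from botocore.exceptions import ClientError
    ct = boto3.client("cloudtrail", region_name=region)
    s3 = boto3.client("s3")
    report = {}
    for trail in ct.describe_trails(includeShadowTrails=False)["trailList"]:
        status = ct.get_trail_status(Name=trail["TrailARN"])
        try:
            lock = s3.get_object_lock_configuration(Bucket=trail["S3BucketName"])
        except ClientError:  # ObjectLockConfigurationNotFoundError: bucket is mutable
            lock = None
        report[trail["Name"]] = assess_trail(trail, status, lock)
    return report


# Constructed sample responses shaped like the real API output (placeholder account ID).
WEAK_TRAIL = {"Name": "audit", "S3BucketName": "audit-logs", "IsMultiRegionTrail": False,
              "LogFileValidationEnabled": False,
              "TrailARN": "arn:aws:cloudtrail:us-east-1:123456789012:trail/audit"}
WEAK_STATUS = {"IsLogging": False}
HARDENED_TRAIL = dict(WEAK_TRAIL, IsMultiRegionTrail=True, LogFileValidationEnabled=True,
                      KmsKeyId="arn:aws:kms:us-east-1:123456789012:key/placeholder")
HARDENED_STATUS = {"IsLogging": True}
HARDENED_LOCK = {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
                 "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": 365}}}}
```

Run `assess_trail(WEAK_TRAIL, WEAK_STATUS, None)` to see the five findings an attacker-weakened trail produces, and the hardened set to confirm it returns none.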