.
├── 00_Introduction_BTL1/   # exam format, philosophy, strategy, personal experience
├── 01_Phishing_Analysis/   # header analysis, attachment triage, detection workflows
├── 02_Threat_Intelligence/ # IOC management, ATT&CK TTP mapping
├── 03_Digital_Forensics/
│   ├── 02_Disk_Analysis/   # NTFS artifacts, registry hives, file carving
│   └── 03_Memory_Analysis/ # Volatility profiles, injection detection
├── 04_SIEM_Analysis/       # SPL query structures, log correlation rules
├── 05_Network_Analysis/    # BPF filters, protocol anomalies, PCAP carving
└── 06_Incident_Response/   # IR lifecycle, containment, live response