The Incident Response Collection Report (IRCR) is a script that calls a collection of tools that gather and/or analyze data on a Microsoft Windows system. You can think of the output as a snapshot of the system in the past. Most of the tools are oriented towards data collection rather than analysis.
If you have any questions, comments and/or suggestions, please email me at mcleodjp@yahoo.com.
"We define a computer security incident as any unlawful, unauthorized or unacceptable action that involves a computer system or a computer network."
- Mandia, Prosise & Pepe, Incident Response & Computer Forensics
Prepare/Plan: Review your policies.
Respond: Obtain enough information to determine an appropriate course of action.
Analysis: Prove or disprove an allegation.