The Incident Response Collection Report (IRCR) is a script that calls a collection of tools that gather and/or analyze data on a Microsoft Windows system. You can think of the output as a snapshot of the system in the past. Most of the tools are oriented towards data collection rather than analysis.

If you have any questions, comments and/or suggestions, please email me at mcleodjp@yahoo.com.

"We define a computer security incident as any unlawful, unauthorized or unacceptable action that involves a computer system or a computer network."
- Mandia, Prosise & Pepe
Incident Response & Computer Forensics

Prepare/Plan

Review your policies

Respond

Obtain enough information to determine an appropriate course of action.

Analysis

Prove or disprove an allegation.

License

This is free; therefore, refer to the General Public License (GPL) for details.