Live IR on a Budget (of $0) presented at BSidesVancouver 2018

by Derek Armstrong,

Summary : Live Incident Response doesn't have to cost an arm and a leg. Just some legwork and a bit of typing can get you up and ready to collect evidence from those thousands of suspect systems. We will be talking about Live IR's place within the forensic landscape, some benefits and pitfalls, as well as some example scripts to show you a starting point. This presentation has been created by someone deep in the trenches of enterprise security. But best of all, it is all for free (as in beer)!