Endpoint Incident Response using BLUESPAWN
BLUESPAWN by ION28 is an active defense and endpoint detection and response tool, which means it can be used by defenders to quickly detect, identify, and eliminate malicious activity and malware across a network.
From an incident response perspective, identifying patient zero during an incident or infection is just the tip of the iceberg. A responder must gather evidence, artifacts, and data about the compromised systems, and having the right tool to execute these actions is a must. Not only does the right tool automate everything, it also helps the responder reduce the time needed to resolve the issue.