Endpoint Incident Response using Windows Live Response
BriMor Labs Windows Live Response Collection is a multi-platform tool that automates the gathering of volatile and non-volatile data from an endpoint for use in a forensic investigation, such as a memory dump, prefetch files, and so on. It lets you choose between the Complete, Memory Dump, and Triage options.
The Complete option gathers a memory dump, volatile data, and a full disk image.
The Memory Dump option gathers a memory dump and volatile data.
The Triage option gathers volatile data only.
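To show the pattern behind the three options, here is a small added example (not BriMor Labs code, and not the tool's actual scripts) of a profile-driven live response collector. It assumes a hypothetical profile table mapping each option to collection steps, treats the memory dump and disk image steps as placeholders, and runs a handful of standard Windows commands as the volatile-data step; every output file is hashed with SHA-256 and recorded in a timestamped manifest so the collection can later be verified.

```python
"""Profile-driven live response collector (added example; assumptions noted in comments)."""
import hashlib
import json
import subprocess
import sys
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Hypothetical profile table mirroring the three options described above.
# "memory_dump" and "disk_image" are placeholders for tool-specific acquisition steps.
PROFILES = {
    "Complete": ["memory_dump", "volatile", "disk_image"],
    "Memory Dump": ["memory_dump", "volatile"],
    "Triage": ["volatile"],
}

# Illustrative volatile-data commands (standard Windows built-ins); name -> argv.
VOLATILE_WINDOWS = {
    "processes": ["tasklist", "/v"],
    "network_connections": ["netstat", "-ano"],
    "network_config": ["ipconfig", "/all"],
    "system_info": ["systeminfo"],
}


def steps_for(option):
    """Return the ordered collection steps for a profile name (case-insensitive)."""
    for name, steps in PROFILES.items():
        if name.lower() == option.lower():
            return list(steps)
    raise ValueError(f"unknown option: {option!r}")


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def collect(commands, outdir=None):
    """Run each name -> argv command, save its raw stdout+stderr under outdir, and
    write manifest.json with UTC timestamps, exit codes and a SHA-256 per output.
    A command that cannot be started or times out is recorded with exit_code -1
    rather than aborting the whole collection."""
    outdir = Path(outdir) if outdir else Path(tempfile.mkdtemp(prefix="live_response_"))
    outdir.mkdir(parents=True, exist_ok=True)
    manifest = {"started_utc": datetime.now(timezone.utc).isoformat(), "items": []}
    for name, argv in commands.items():
        started = datetime.now(timezone.utc).isoformat()
        target = outdir / f"{name}.txt"
        try:
            proc = subprocess.run(argv, capture_output=True, timeout=60)
            target.write_bytes(proc.stdout + proc.stderr)  # bytes: no newline translation
            rc = proc.returncode
        except (OSError, subprocess.TimeoutExpired) as exc:
            target.write_bytes(f"collection failed: {exc}\n".encode())
            rc = -1
        manifest["items"].append({
            "name": name, "command": argv, "started_utc": started,
            "exit_code": rc, "file": target.name, "sha256": sha256_file(target),
        })
    (outdir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    manifest["outdir"] = str(outdir)
    return manifest


if __name__ == "__main__":
    # Usage: python collector.py "Triage"   (defaults to Triage)
    option = sys.argv[1] if len(sys.argv) > 1 else "Triage"
    steps = steps_for(option)
    print(f"profile {option!r}: steps {steps}")
    for step in steps:
        if step == "volatile":
            result = collect(VOLATILE_WINDOWS)
            print(f"volatile data written to {result['outdir']}")
        else:
            print(f"step {step!r} is a placeholder for the tool's own acquisition")
```

The manifest is the part worth keeping: re-hashing the output files later and comparing against the recorded digests is how a responder shows the collected artifacts were not altered after acquisition.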
From an incident response perspective, identifying patient zero during an incident or infection is just the tip of the iceberg. A responder must gather evidence, artifacts, and data from the compromised systems, and having the right tool to carry out these actions is a must. Not only does it automate the collection, it also helps the responder reduce the time needed to resolve the incident.