General Questions

Incident response is an organized approach to addressing and managing the aftermath of a security breach or cyberattack (also called an IT incident, computer incident or security incident). The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.

IREC is an all-in-one Evidence Collector which lets you collect critical evidence from a live system with a single mouse click.

IREC works by parsing file systems and low-level operating-system structures directly, rather than relying only on the high-level views that malware can tamper with, which makes it a powerful tool against malware.

IREC collects the following evidence from a live system:

  • System Information
  • RAM Image
  • PageFile
  • MFT as CSV
  • Event Logs
  • Registry Hives
  • Recycle Bin Information
  • Desktop and Window Screenshots
  • Prefetch Files
  • WMI Scripts
  • Clipboard
  • DNS Cache
  • ARP Table
  • Routes
  • TCP Table
  • UDP Table
  • Network Adapters
  • Hibernation File Information
  • Crash Dump Information
  • Network Shares
  • Volume
  • System Restore Points
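The volatile items in the list above (clipboard, ARP table, routes, TCP and UDP tables, DNS cache, network adapters) and the file-level ones (prefetch, shares, volumes, restore points, hibernation and crash-dump settings) can also be gathered by hand with built-in cmdlets, which is useful for understanding what a one-click collector does and for triage on a host where the tool is not available. The following PowerShell script is an added example, not IREC's own code; it assumes Windows 10 / Server 2016 or later with PowerShell 5.1, an elevated prompt, and an output path on external storage supplied by the caller. RAM, pagefile, MFT, event logs and registry hives are deliberately left out: those need a raw-access tool, not a cmdlet.

```powershell
# Added example, not part of IREC. Collects the volatile artifacts listed on
# this page, ordered roughly by volatility, into a timestamped case directory
# and writes a SHA-256 manifest over the result. Run elevated.
param(
    # Point this at external storage, not the evidence disk itself.
    [Parameter(Mandatory)] [string]$OutputRoot
)

$stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
$caseDir = Join-Path $OutputRoot "$env:COMPUTERNAME-$stamp"
New-Item -ItemType Directory -Path $caseDir -Force | Out-Null
$log = Join-Path $caseDir 'collection.log'

# Name -> script block. Most volatile first; tabular output goes to CSV,
# plain strings (clipboard) to a text file.
$collectors = [ordered]@{
    'clipboard'        = { Get-Clipboard -Raw }
    'arp_table'        = { Get-NetNeighbor | Select-Object ifIndex, IPAddress, LinkLayerAddress, State }
    'routes'           = { Get-NetRoute | Select-Object ifIndex, DestinationPrefix, NextHop, RouteMetric }
    'tcp_table'        = { Get-NetTCPConnection | Select-Object LocalAddress, LocalPort, RemoteAddress,
                                                                RemotePort, State, OwningProcess, CreationTime }
    'udp_table'        = { Get-NetUDPEndpoint | Select-Object LocalAddress, LocalPort, OwningProcess }
    'dns_cache'        = { Get-DnsClientCache | Select-Object Entry, RecordName, RecordType, Data, TimeToLive }
    'network_adapters' = { Get-NetAdapter | Select-Object Name, InterfaceDescription, MacAddress, Status, LinkSpeed }
    'system_info'      = { Get-ComputerInfo | Select-Object CsName, OsName, OsVersion, OsLastBootUpTime, TimeZone }
    'network_shares'   = { Get-SmbShare | Select-Object Name, Path, Description }
    'volumes'          = { Get-Volume | Select-Object DriveLetter, FileSystemLabel, FileSystem, Size, SizeRemaining }
    'restore_points'   = { Get-ComputerRestorePoint | Select-Object SequenceNumber, CreationTime, Description, RestorePointType }
    # Metadata only: the .pf files themselves should be copied with a raw reader.
    'prefetch_files'   = { Get-ChildItem "$env:SystemRoot\Prefetch" -Filter *.pf |
                             Select-Object Name, Length, CreationTime, LastWriteTime }
    # -Force is needed because hiberfil.sys is hidden+system.
    'hiberfil_info'    = { Get-Item "$env:SystemDrive\hiberfil.sys" -Force -ErrorAction SilentlyContinue |
                             Select-Object FullName, Length, LastWriteTime }
    'crashdump_info'   = { Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl' |
                             Select-Object CrashDumpEnabled, DumpFile, MinidumpDir }
}

foreach ($name in $collectors.Keys) {
    $start = Get-Date -Format 'o'
    try {
        $result = & $collectors[$name]
        if ($null -eq $result) {
            "$start  $name : no data" | Add-Content $log
            continue
        }
        if ($result -is [string]) {
            $file = Join-Path $caseDir "$name.txt"
            Set-Content -Path $file -Value $result -Encoding UTF8
        } else {
            $file = Join-Path $caseDir "$name.csv"
            $result | Export-Csv -Path $file -NoTypeInformation -Encoding UTF8
        }
        "$start  $name : ok -> $file" | Add-Content $log
    } catch {
        # Keep going: a failed collector (e.g. restore points on Server) must
        # not cost the remaining, more volatile, artifacts.
        "$start  $name : FAILED ($($_.Exception.Message))" | Add-Content $log
    }
}

# Integrity manifest so later analysis can prove the files are unchanged.
$manifest = Join-Path $caseDir 'SHA256SUMS.txt'
Get-ChildItem $caseDir -File | Where-Object { $_.Name -ne 'SHA256SUMS.txt' } |
    Get-FileHash -Algorithm SHA256 |
    ForEach-Object { "$($_.Hash)  $(Split-Path $_.Path -Leaf)" } |
    Set-Content -Path $manifest -Encoding ASCII

Write-Host "Collection written to $caseDir (log: $log, manifest: $manifest)"
```

Usage: `.\Collect-Volatile.ps1 -OutputRoot E:\Evidence` from an elevated prompt. Running any collector on a live host changes the host (a new prefetch entry for PowerShell, console history, DNS lookups from name resolution), so record the start time in the log as this script does, run from removable media, and write only to external storage; the script exits with each collector's result logged rather than stopping at the first failure so the most volatile data is captured even when a later cmdlet is unavailable on that OS edition.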