Description: In over 75% of incident responses, third-party responders arrive to find a general absence of the data and forensic capabilities required to effectively scope and remediate an incursion.  In this session we will leverage recent, real-world examples of threat actor tactics to discuss the data sources most relevant for an effective incident response.  Attendees will leave with a strategy for collecting focused, security-relevant data to most accurately and efficiently respond to today's most prevalent threats. Expected Outcome: Attendees will leave with a strategy for collecting focused, security-relevant data to most accurately and efficiently respond to today's most prevalent threats. Intended Audience: Information Security Analysts and Management