Many of us are confined at home due to the COVID-19 pandemic. But, business as usual, many organizations are still facing security incidents (related to the virus or not). Let's imagine the following scenario: Your phone rings because a customer detected some suspicious activity on a server or a workstation. Of course, it must be investigated \as soon as possible". The server is physically located 500km away and you're stuck at home... How to handle this situation?
During this SANS@MIC webcast, I'll present and demonstrate a customizable live CD based on free tools to perform remote forensic investigations: check filesystems for indicators of compromise, take memory image, extract logs, and much more...