Mattijs

Mattijs is a problem solver. He has been working in the Cyber Security industry for almost a decade as an OSINT analyst, forensic analyst and incident handler. He uses his experience to keep on innovating and improving the way incident response is executed.


Sessions

02-14
17:00
60min
Automating incident response: scalable & fast, within minutes
Zawadi Done, Mattijs

In today's rapidly evolving digital landscape, the increasing frequency and scale of security incidents pose significant challenges for incident response teams. The traditional approach, rooted in digital forensics, is no longer sufficient, nor is it efficient enough. It's time for a shift towards an automated incident response strategy that combines the investigative prowess of a digital detective with a DevOps mindset.

In this talk, we will present how the incident response process of acquiring data, processing data, and analyzing information can be automated, based on how we have built our incident response lab using open-source software packages developed by Microsoft (AVML), Google (Timesketch, WinPmem), Rapid7 (Velociraptor), Fox-IT (Dissect), Elastic, KROLL (KAPE) and HashiCorp (Terraform, Vault). We will guide you from using tools manually to using these tools automatically and magically. Well, not really magically, but we will emphasise the application of a DevOps mindset to the process that most incident responders, ourselves included, execute on a daily basis, combined with examples that can be put into practice.

Talks
Mission Critical Room (Rembrandt)