Incident Response (IR) is the umbrella term for the activities an organization performs when it recognizes and responds to an event. It applies to anything from a corporate website going down, to the loss of a database server, to security incidents such as a user workstation compromised by malware. The purpose of IR is to gather the information needed to make informed decisions about how to deal with a specific event, and then to act on the information gathered.

I’ve spent the last 6 years doing security incident response. My job has often entailed analyzing compromised machines for forensic artifacts, reviewing large volumes of logs of various types, and correlating event data related to an incident across a multitude of platforms and systems. I spent most of the early part of my career focusing on very traditional IR within Windows-based enterprise environments, but I’ve found that the general idea of IR also involves the cloud.