When faced with an email compromise, internal investigation, or other cyber incident, a proper forensic response can bean the difference between success and failure. But not every organization has an internal forensic capability, and hiring an external expert is sometimes cost prohibitive given the circumstances. 

This presentation will explore the "what you need to know" in order to determine when outside assistance is imperative, and how to act quickly to preserve data safely and effectively prior to the arrival of the subject matter experts. We'll examine the response to a cyber event or  investigation using a medical analogy, with non-forensic IT staff in the role of first responders who can take limited action and assess the situation to determine if further help is needed.