Incident Response — Northforge Security Toolkit

Overview

Track the live state of the incident and capture the current analyst view.

Case Title Incident Type Status Severity Lead Analyst

Opened

Updated

Incident Summary

Triage

Capture the first-response state: detection source, scope, containment, and critical first actions.

Detection Source Containment Status Affected Assets / Users Scope Notes

Validate alert and confirm it is actionable Preserve evidence before destructive action Identify likely users, systems, and data in scope Notify stakeholders and document escalation Begin containment or monitoring actions

Evidence

Record artifacts, hashes, storage locations, and collection metadata in one place.

Workflows

Jump into the right workflow based on the evidence type and what the handbooks emphasize.

Timeline

Track actions, findings, and decisions in reverse chronological order.

Report

Generate a structured handoff-ready incident summary from the live case state.