This document describes Azure Forensics & Incident Response, which allows users to preserve intrusion evidence without impacting production systems through easy data collection from cloud, container, and on-premises systems. It uses a patent-pending cloud-based architecture to provide automated data processing that is fast, efficient, and effective. This gives users complete visibility and context through seamless investigation of host, log, and memory data sources, so they can identify the root cause using another patent-pending analytics engine.