The GCP Compute Engine is a powerful platform for hosting and managing virtual machines, but like any system, it is not immune to incidents and cyberattacks. In this talk, we will explore how to conduct forensics and incident response investigations on the GCP Compute Engine. We will begin by discussing the basics of the GCP Compute Engine, including its architecture and security features. We will then cover the various types of incidents that can occur on the Compute Engine, such as malware infections, data breaches, and unauthorized access. Next, we will delve into the forensic process for investigating incidents on the Compute Engine. We will cover topics such as collecting and preserving evidence, analyzing logs and network traffic, and identifying the root cause of the incident. Finally, we will discuss best practices for incident response on the Compute Engine, including how to contain and mitigate the impact of an incident, and how to report and communicate the incident to stakeholders.