This document discusses tools and techniques for incident response. It outlines the stages of a threat, including reconnaissance, luring a target, redirecting the target to exploit kits, dropping malware files, and stealing data. It also provides a data control mapping that shows who has access to which sensitive information within an organization and how that information is accessed. Finally, it discusses preparing for incidents through data collection and monitoring, establishing roles and structure, and responding by detecting, containing, and mitigating threats during an incident and analyzing the incident afterward.