Abstract
In an era of escalating cyber threats, informed incident response is critical. While larger enterprises operate dedicated Security Operations Centers (SOCs), smaller entities often lack forensics capabilities. This project introduces the "Preliminary Forensics-based Incident Response Software" (Perseus), designed for these organizations. The tool proactively gathers forensic data, enhancing post-incident understanding of attack vectors. Through a server and console interface, it monitors system activities, captures user commands, and more, while preserving a baseline of authorized processes and devices. In case of an incident, the software can rapidly lock down the system, ensuring critical data is preserved. By comparing its data with traditional findings, the tool notably increases the amount of forensic information available post-incident, offering forensics-enhancing solutions for organizations without advanced SOC resources.