Taking responsive actions on a machine

Once a threat has been identified, there are actions that can be taken on the machine that is suspected of containing the malware or other evidence of activities. Use the following guidance to collect data that can be used as forensic evidence, known as an investigation package, and if necessary, isolate the machine to prevent further risks and give time to carry out a thorough investigation and cleanup.