So I admit I'm a bit out of date on the 'incident response' scene since I don't really do it for a living anymore. Well, fortunately Harlan Carvey isn't, and he has a blog post up with a mini-review of some bad-ass new software that could be *really* interesting for people who do forensics / incident response for a living!
Check out Harlan's blog here: http://windowsir.blogspot.com/ (http://windowsir.blogspot.com/search?q=f-response)
So a company called F-Response has developed software that will mount a remote disk (read-only) via a simple TCP/IP connection using the iSCSI protocol, so you get raw disk access . . . via the network. I admit - I had heard of iSCSI but wasn't really aware of what you could do with it . . . and this is cool stuff. Check out Harlan's blog post for some screenshots and ideas.