I am in the early stages of looking at putting together an IR program, and I am being asked to put together a template for all sys admins to begin pulling together the information that they might need during an incident.
I have a few thoughts (system passwords, network diagrams, etc.), but I am wondering what other things I should add to this template.
I guess basically the question I am asking is what information would you absolutely want to have readily available once you are notified that there is an incident of some sort occurring.
Thanks a bunch