What to do and not do in case of security incident, data breach or critical infrastructure compromise? From my experience of Red Teamer, Incident Responder and Forensic investigator I will cover the most import tasks that needs to be done shortly after the incident to keep evidence not modified and available for analysis and Law Enforcement.