VM Instances for IR#

Purpose	Recommended Specs	Recommended Software	Approx Cost (USD)/month	Availability
Triage and GCP investigation	Machine Type: `e2-medium` (2vCPUs, 4GB RAM) Boot Disk: `30 GB Standard Persistent Disk` Service Account: Account referenced here Cloud API access scopes: `Allow full access to all Cloud APIs` OS: `Ubuntu 20.04 LTS`	Ops Agent jq kubectl Python libraries: pandas ipywidgets	33.47	Always started
Forensic and malware analysis (where created forensic disk is attached to)	Machine Type: `e2-standard-4` (4vCPUs, 16GB RAM) Boot Disk: `128 GB SSD Persistent Disk` Network: Isolated network from other compute instances Service Account: `Compute Engine default service account` Cloud API access scopes: `Allow default access` OS: `Ubuntu 20.04 LTS`	Ops Agent SIFT Go jq Container Explorer Docker Explorer	144.63 (if always started)	Started when needed

GCP IR Notes