The Forensics & Incident Response tool allows your IT team to identify, track, and resolve email attacks from outside your organization, for example, a phishing or ransomware attack. You can search for any ALLOWED email (by subject and/or sender) that your users may report to you as malicious and perform remediation action on the same. Remediation options, for now, include sending an email to the recipient of the email and/or quarantining the email from the recipient’s inbox. Quarantining is only available to Office 365 users (for now). If users click on a fraudulent link in an email, the Forensics & Incident Response tool allows you to identify these users for potential security concerns on their workstations, and determine if additional security training is necessary.