DFIR Redefined

Those of us who operate within the constructs of digital forensics and incident response understand the nuances of the related acronym (DFIR) intimately. This presentation will offer a slightly different take on DFIR using R, the open-source programming language and software environment for statistical computing and graphics. Forensics and incident response both suffer from, and can benefit from, the data explosion. That said, modern DFIR programs are obligated to embrace and attempt to master security data science. Doing so effectively can lead to vastly improved visualization and behavioral analysis. We'll discuss such opportunities and provide an overview of some basic tools, tactics and procedures to get you started. Code examples will be included and shared for practice and exploration.

Presented by