Investigate Breach Command

Chain these steps:

1. Use forensic-analysis-guide to develop forensic investigation plan
2. Use evidence-preservation to collect and preserve digital evidence
3. Use root-cause-analysis-security to determine how breach occurred
4. Reconstruct attack timeline from logs and evidence

Deliverables:

• Forensic investigation report
• Evidence inventory with chain of custody
• Attack timeline showing attacker actions
• Root cause analysis identifying vulnerability exploited
• Breach scope: what data/systems were compromised

After completion, suggest follow-up commands: respond-to-incident, write-postmortem.