Digital Forensics & Incident Response (DFIR) is a multi-disciplinary approach to addressing and managing both the preparations for, and aftermath of, an information technology security incident. It often includes in-house IT staff, representatives from management (C-suite, HR), outside cybersecurity consultants, public relations, and legal counsel.  There are many reasons to have a DFIR team on retainer.  First and foremost your situational awareness is impaired when faced with an unfamiliar situation.  Second your IT systems are too complex to learn on the fly, by the time you get up to speed the attacker has most likely finished his tasks and third your reputation is on the line and time is of the essence.