The Myricom nVoy Series Automated Investigative Response (AIR) is a network packet recording and automated incident investigation solution. It consists of two paired components: the nVoy 10Gbit packet recorder and the nVoy AIR application. The nVoy packet recorder is inserted into a network above identified critical assets, where it continuously ingests all network traffic in real time — capturing, filtering, recording, and indexing data 365 days a year. Recorded data is stored for on-demand retrieval, enabling forensic analysis and the reconstruction of past network conversations. The nVoy AIR application works alongside the recorder by monitoring alerts issued from firewalls or IDS/IPS systems. When an alert is triggered, the application checks whether the flagged activity involves user-specified critical assets (devices, applications, or both). If so, it automatically triggers the recorder to generate an extract file containing all data conversations associated with that alert — without requiring manual intervention. This automation addresses two specific steps in incident investigation: 1. Matching an intrusion alert to an actual data breach 2. Extracting the relevant network conversations tied to that breach The resulting extract files allow security teams to determine what data was accessed, when a breach began and ended, and what other assets may have been affected. This is intended to reduce investigation time and support compliance reporting requirements, such as those under GDPR.