DFIR 004 – Another set of questions…


After mulling it over for a while, though, I realized that the entire process really boiled down to a set of questions that the analyst needs to have answers for.

  1. Was this an actual attack?
  2. Was the attack successful?
  3. What other assets were also compromised?
  4. What activities did the attacker carry out?
  5. How should my organization respond to this attack?

