Once any incident is over and done with, the team needs to focus on the lessons learned. From an incident response perspective, the focus is on answering questions such as the following:
From a network forensics perspective, the additional questions to be answered include the following:
While attackers constantly evolve and innovate, coming up with newer ways to compromise networks without being detected, network forensic investigators have to keep pace too. This means constantly updating oneself, learning from peers, attending conferences and training programs, and so on. Rather than being in a reactive mode, it makes sense for the network forensic investigator to keep his eyes on the future.