Businesses are beginning to see the benefits of analyzing breaches after an event. But, as with any security practice, there is still much room for improvement. Here are three important steps that can turn an organizations post-breach assessment into workable best practices that will protect their enterprise from future attacks. The foundation of good forensics is using a methodical approach to reach appropriate conclusions based on the available data or determine that no other conclusion can be drawn. The use of forensics tools can provide quick navigation to the point in time where the suspicious event occurred.”]
Source: https://www.darkreading.com/attacks-breaches/after-the-breach-tracing-the-smoking-gun-