In the aftermath of a cyber disaster, finding the source of the attack is a tedious undertaking that requires sifting through masses of data—all while adversaries could be preparing a follow-on assault. Conducting post-attack forensics analysis is a critical part of a comprehensive incident response strategy. Without thoroughly scanning the environment for any remaining trace of post-attack persistence, your organization is in danger of reintroducing infection, which prolongs the business disruption. Comprehensive post-breach forensics analysis helps you:
- Find evidence of attacks (indicators of compromise, or IOCs) to determine whether an attack was in progress when the backup snapshot was taken, which would increase the risk of reintroducing malware.
- Assess the AD environment for current intrusions within a specified attack window.
- Find and remediate indicators of exposure (IOEs) before you bring the environment online post-attack.