CompTIA Security+ SY0-601 – Question 531

An external forensics investigator has been hired to investigate a data breach at a large enterprise with
numerous assets. It is known that the breach started in the perimeter network and moved to the sensitive
information, generating multiple logs as the attacker traversed through the network. Which of the following will
best assist with this investigation?


A. Perform a vulnerability scan to identify the weak spots.
B. Use a packet analyzer to investigate the NetFlow traffic.
C. Check the SIEM to review the correlated logs.
D. Require access to the routers to view current sessions.

Correct Answer: C