Once any incident is over and done with, the team needs to focus on the lessons learned. From an incident response perspective, the focus is on answering questions such as the following:
How did this happen?
What can we do to prevent it from reoccurring?
What preventive measures can be put into place?
How can monitoring and alerting be improved?
From a network forensics perspective, the additional questions to be answered include the following:
Attackers constantly evolve and innovate to find new ways of compromising networks without being detected, so network forensic investigators have to keep pace. This means constantly updating oneself, learning from...