Summary
Working from a vague security alert, the team was able to use network forensics to identify specific systems to quarantine and where to focus attention on cleaning up the attack. Network forensics enabled the team to find proof of the attack and trace its effects.