Consider the following five questions and write a response to each one.
How do you go about finding information when you have been told that there has been a break-in?
What servers were compromised?
Was network equipment comprised?
What user accounts were employed to do gain access?
What vulnerabilities were exploited?
What can be done to prevent a recurrence?
