Determining+if+an+Incident+actually+has+Ocurred


 * examine firewall logs

TIMELINE ANALYSIS media type="custom" key="5149889" align="left"
 * Its an important technique to determine if an attac took place looking at the network events
 * 1) extract all data from all logs
 * 2) Place all events on graph
 * 3) Review, either there are peaks or there is not
 * this is only apeice of eveidence and cannot be used for the full case.