http://digbig.com/4kyfq
Peter Stephenson
"Managing security incidents is essentially a problem of forensics. Tests three broad groups of products that will enable organisations of all sizes to respond effectively to network attacks.
Rather than limit ourselves to one type of forensic tool, we approached the challenge of incident response. Link analysers are not used widely by IT professionals, but they should be. If used properly, they can cut weeks off the chore of making sense out of large amounts of information.
Metadata from the computer forensics tools can provide input for the link analyser, and logs can provide network analysis input. As a result, using the link analyser, the investigator can “connect the dots” and get a much better understanding of the interactions that caused the incident. If you once use a link analyser for an incident investigation, you will never want to be without one."
