Task ID: T1090
Determine best methods for identifying the perpetrator(s) of a network intrusion
Work roles with this Task
Digital Forensics
Category: Protection and DefenseNICE Framework ID: PD-WRL-002Responsible for analyzing digital evidence from computer security incidents to derive useful information in support of system and network vulnerability mitigation.
Cybercrime Investigation
Category: InvestigationNICE Framework ID: IN-WRL-001Responsible for investigating cyberspace intrusion incidents and crimes. Applies tactics, techniques, and procedures for a full range of investigative tools and processes and appropriately balances the benefits of prosecution versus intelligence gathering.
Digital Evidence Analysis
Category: InvestigationNICE Framework ID: IN-WRL-002Responsible for identifying, collecting, examining, and preserving digital evidence using controlled and documented analytical and investigative techniques.
Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)