VERY IMPORTANT

This case study contains information from an engagement that the RSA Incident Response (IR) team worked during the September to October 2013 timeframe. It highlights the analysis flow using two of our flagship products, Security Analytics (SA) and the Enterprise Compromise Assessment Tool (ECAT), for an Advance Persistent Threat (APT) intrusion investigation. These key technologies allow RSA analysts to process massive datasets and find forensically interesting artifacts in near real-time and more quickly than using standard incident response processes.