You are a consultant requested by one of your clients, a Chief Technology Officer (CTO) of a major online stock trading company, to respond to an intrusion that has infected the PCs of 350 Windows users spread throughout a large multi-level office building. The CTO is not satisfied with the current response and would like an incident response professional to create a "hypothesis" on a possible cause of the symptoms of the attack, and the specifics of the required approach related to intrusion detection and response. An example of a hypothesis would be: "The PCs on the network are suffering from a high rate of malicious code infection and network security has been compromised."
After creating your hypothesis, what IDS approach, required tools, and incident detection and response principles must be implemented by the professional to prove or disprove your stated hypothesis? What are the steps used to prove or disprove your hypothesis? How is your hypothesis verified to determine it was successful?