Companies that have had their industrial networks attacked from the outside usually don’t realize it at all, or if they do, that knowledge probably comes a year or more after the initial incident. Why? Companies don’t understand their own networks well enough to know when something is happening that shouldn’t be happening. There is no practical way to apply concepts of digital forensic investigation if you don’t understand your own networks. Robert M. Lee and Matthew E. Luallen will discuss how you can analyze and document your systems well enough to perform incident response and learn from those attacks. Your ability to know every detail about your systems is the biggest advantage you have when trying to secure your systems. Put that knowledge to work.