Earlier this year, Beyond Security’s beSIRT released an incident response forensic analysis of a defacement attack by Team Evil [Team Evil Incident (Cyber-terrorism defacement analysis and response)].
The PDF itself can be found here:
A follow up is being released today, on a second incident. Following what Team Evil did, their methodology and how it changed since the first document was released.
The aim of this document is more to show how such analysis is done, on an educational note. The PDF can be found here:
We hope you find this useful.