| Malware Identification Decision Tree |
| 3. Incident Response Phases |
 | 3.1. Preparation |
| 3.2. Detection and Analysis |
| 3.3. Containment |
| 3.4. Eradication |
| 3.5. Recovery |
| 3.6. Post-Incident Activity |
| 1. Suspect Worm |
| 2. Suspect Advanced Persistent Threat |
| 4. Suspect Virus |
| 5. Suspect Trojan |
| 6. Symantec Specific Analysis Steps |
| 7. Information References |