| Malware Identification Decision Tree |
| 5. Suspect Trojan |
 | 5.1. Manual Analysis and Remediation Steps |
| 5.2. Wipe/Restore Machine? |
| 5.3. Widespread? |
| 5.4. Post-op Prevent Recurrence Policy |
| 1. Suspect Worm |
| 2. Suspect Advanced Persistent Threat |
| 3. Incident Response Phases |
| 4. Suspect Virus |
| 6. Symantec Specific Analysis Steps |
| 7. Information References |