The systems, logs, and data that were preserved earlier are ready to be processed and analysed by a specialist Digital Forensics and Incident Response team part of the IT Security provider engaged in the detection step. This stage can take a while, it is labour-intensive and can be expensive depending on the complexity and spread of the incident. However, it is well worth it. It allows for positioning yourself to be stronger in the future, reducing the risk caused by the exfiltration of data, and understanding what, how, and why the incident occurred.