A post-incident review should be conducted by an incident management team to determine:
A.
relevant electronic evidence.
B.
lessons learned.
C.
hacker’s identity.
D.
areas affected.
Explanation:
learned from the attack. Evaluating the relevance of evidence, who launched the attack or what areas were affected are not the primary purposes for such a meeting because these should have been already established during the response to the incident.