In-Draft
One popular approach is the Diamond Model of Intrusion Analysis, which is used by the DoD, the IC, and the highest-quality security vendors. This model focuses on the relationships and characteristics of four components: the adversary, capabilities, infrastructure, and victims. An intrusion event is defined by how the adversary demonstrates and uses certain capabilities and techniques over infrastructure against a victim.
Money is a powerful motivator. Money is usually required to make things happen. When things don't make sense, or if you hit a roadblock in your analysis, following the money is a tried-and-true method for making new discoveries and unlocking secrets.