In the worlds of incident response and forensics, we live in the analysis of data. But are our conclusions following a scientific process or just a gut feeling? This talk will explore various cases where gut feeling wasn’t the best way to analyze a security event and the consequences that came from an improper analysis.Learning Objectives:1: Learn best practices on good quality incident analysis.2: Learn methods of improvement to take back and implement in IR processes,3: Understand why various levels of communication are critical during incident response,Pre-Requisites:Incident response, packet analysis, cursory malware analysis.