Following a data breach, investigators need as much information as possible on exactly what data was stolen during a breach. In recent years there have been numerous high-profile data breaches of critical importance. Edward Snowden has become a household name but there are many others such as Joshua Shulte.
Incident Response teams can often determine which endpoints adversaries accessed, but not what data was stolen. This can set teams back for years and create substantial risk for organizations and in certain situations people’s lives as well.