This document provides an overview of the incident response analysis methodology. It discusses establishing objectives, understanding the situation and resources needed. Leadership is important to define objectives and prevent miscommunication. The analysis should focus on answering realistic questions within the defined scope. All data sources like operating systems, applications, user data, and networks should be understood. Various analysis methods are described like reviewing anomalies, host artifacts, malware analysis, tools, and manual review. The results should be periodically evaluated for progress and completeness in answering questions.