What time did the attack happen? How did the hacker get into the network? What computers were compromised? What computers were accessed? What data was extracted from the network? What type of attack was conducted? How long did the attacker have access to the network? Is there any persistence on the network for future attacks?