There are many digital forensic tools and techniques available to conduct an end-to-end forensic investigation. An end-to-end investigation tracks all elements of an attack, including how the attack began, what intermediate devices were used during the attack, and who was attacked. A typical investigation will involve visual analysis to statically review the contents of any drives, as well as dynamically review logs, artifacts (strategies for handling digital artifacts), and Internet activity from the web history associated with the breached network (web browser forensics).
The investigation concludes when the investigator examines all of the information, he or she correlates all of the events and all of the data from the various sources to get the whole picture, and reports and evidence are prepared in a forensically sound manner.