A security analyst is using the cyber kill chain framework to examine a recent spear-phishing attack against their organization. After identifying the initial compromise, what should the analyst focus on next if following the kill chain model?
Determining lateral movement within the network
Identifying the vulnerability exploited
Investigating the malware installation
Establishing a timeline for data exfiltration