During an incident analysis session, a security analyst is charting out an intrusion based on the intersection of different elements like the tools used, the infrastructure leveraged for attack execution, and the profile of the threat actor. Without explicitly classifying these elements, the analyst is attempting to recognize patterns and adversaries through correlating disparate but related events. Which analysis framework aligns with the analyst's approach for gaining actionable intelligence?
Diamond Model of Intrusion Analysis
Adversary Tactics, Techniques, and Common Knowledge (ATT&CK)
Indicators of Compromise (IoCs) framework
Preparation phase of Incident Response lifecycle