It's always amazed me how a high profile incident seems to turn up management and executives in an incident response environment. When a serious incident hits, everyone wants to hang out with the incident responders, even people who one might never see day to day. In these type of situations, managing up is key. Management and executives have the best intentions, but they don't work with the data day to day, and their technical skills may be a bit dated. Suggestions on how to proceed, what analysis to do, and how to do it will fly at an incident responder faster than he/she can process them. Unfortunately, many ideas that seem good in theory are not good ideas in practice. The volume and variety of data makes finding the right approach tricky, and many behaviors that seem like they would indicate malicious activity don't. Trust your senior team members and manage up in the best way you can. Your team will be more productive because of it, and your senior team members will thank you for it.