Analyze the scenarios of crimes derived from criminal actions that are carried out on the information assets of the organization, in search of clues that lead to determine who carried out such action; and what is more important, to determine the sequence of events that allow correcting and shielding the accesses, in order to minimize the events that appear.