This really doesn't relate to BackTrack. But what you are looking for is network security with digital forensics. I am currently enrolled in a computer/digital forensics degree program. The first steps are mostly all planning: having an IDS and proper security measures in place BEFORE an attack happens, to be able to track down malicious activity. And if it is internal, say an employee at a business, there is typically a policy that says the company owns all your traffic and can take your computer and dig into it at any time. Handling corporate cases is a lot easier than criminal cases because with corporate you pretty much have full access to do analysis on machines. Read up on computer forensics and network security to better fit your curiosity. A computer forensic law course wouldn't hurt either :P.