[How?] Prove of attacks
So I am wondering how to prove an attack was happened? Let's say a UDP flood, my imagination is putting a bunch of packet logs, grep the IP and count the packet, then pack this as "proof". But I assume there's a more decent way to approach the gather of proofs and evidences?